James Security Vulnerabilities and Issues — James CVE List

Lucene search

ApacheJames

4 matches found

CVE•added 2022/01/04 9:15 a.m.•105 views

CVE-2021-38542

Apache James prior to release 3.6.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. This can result in Man-in -the-middle command injection attacks, leading potentially to leakage of sensible information.

5.9CVSS6.1AI score0.00284EPSS

CVE•added 2022/01/04 9:15 a.m.•76 views

CVE-2021-40525

Apache James ManagedSieve implementation alongside with the file storage for sieve scripts is vulnerable to path traversal, allowing reading and writing any file. This vulnerability had been patched in Apache James 3.6.1 and higher. We recommend the upgrade. Distributed and Cassandra based products...

9.1CVSS6.4AI score0.04247EPSS

CVE•added 2022/01/04 9:15 a.m.•67 views

CVE-2021-40110

In Apache James, using Jazzer fuzzer, we identified that an IMAP user can craft IMAP LIST commands to orchestrate a Denial Of Service using a vulnerable Regular expression. This affected Apache James prior to 3.6.1 We recommend upgrading to Apache James 3.6.1 or higher , which enforce the use of RE...

7.5CVSS7.6AI score0.0078EPSS

CVE•added 2022/01/04 9:15 a.m.•61 views

CVE-2021-40111

In Apache James, while fuzzing with Jazzer the IMAP parsing stack, we discover that crafted APPEND and STATUS IMAP command could be used to trigger infinite loops resulting in expensive CPU computations and OutOfMemory exceptions. This can be used for a Denial Of Service attack. The IMAP user needs...

6.5CVSS6.3AI score0.00559EPSS