James Security Vulnerabilities and Issues — James CVE List

Lucene search

ApacheJames

3 matches found

CVE•added 2024/02/27 9:15 a.m.•4112 views

CVE-2023-51518

Apache James prior to version 3.7.5 and 3.8.0 exposes a JMX endpoint on localhost subject to pre-authentication deserialisation of untrusted data.Given a deserialisation gadjet, this could be leveraged as part of an exploit chain that could result in privilege escalation.Note that by default JMX en...

9.8CVSS9.5AI score0.00445EPSS

CVE•added 2019/04/17 3:29 p.m.•123 views

CVE-2019-0228

Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF.

9.8CVSS8.9AI score0.07835EPSS

CVE•added 2022/01/04 9:15 a.m.•76 views

CVE-2021-40525

Apache James ManagedSieve implementation alongside with the file storage for sieve scripts is vulnerable to path traversal, allowing reading and writing any file. This vulnerability had been patched in Apache James 3.6.1 and higher. We recommend the upgrade. Distributed and Cassandra based products...

9.1CVSS6.4AI score0.04247EPSS