Lucene search
Veracode Vulnerability DatabaseVERACODE:33525HistoryJan 05, 2022 - 5:31 p.m.
Information Disclosure
2022-01-0517:31:14
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
0.001 Low
EPSS
Percentile
34.6%
apache-james-imap-api is vulnerable to information disclosure. The vulnerability exists due to the use of STARTTLS commands which allows an attacker to gain access to sensitive information.
| CPE | Name | Operator | Version |
|---|---|---|---|
| apache james imap api | le | 0.3 | |
| apache james imap api | le | 0.3 |
References
www.openwall.com/lists/oss-security/2022/01/04/1
www.openwall.com/lists/oss-security/2022/09/20/1
github.com/advisories/GHSA-84wg-rgp8-2hg4
github.com/apache/james-project/commit/6263d87f10fd733fc4d7933a24ca7fe21cea7ff
github.com/apache/james-project/pull/596
www.openwall.com/lists/oss-security/2022/01/04/1
Related
github
github
Command Injection in Apache James
2022-01-08 00:40:33
Apache James vulnerable to buffering attack
2022-09-09 00:00:57
cnvd
cnvd
Apache James Command Injection Vulnerability
2022-01-07 00:00:00
cve
cve
CVE-2021-38542
2022-01-04 09:15:07
CVE-2022-28220
2022-09-08 08:15:07
nvd
nvd
CVE-2021-38542
2022-01-04 09:15:07
CVE-2022-28220
2022-09-08 08:15:07
osv
osv
Command Injection in Apache James
2022-01-08 00:40:33
CVE-2021-38542
2022-01-04 09:15:07
Apache James vulnerable to buffering attack
2022-09-09 00:00:57
prion
prion
Command injection
2022-01-04 09:15:00
Command injection
2022-09-08 08:15:00
cvelist
cvelist
CVE-2021-38542 Apache James vulnerable to STARTTLS command injection (IMAP and POP3)
2022-01-04 08:55:21
CVE-2022-28220 STARTTLS command injection in Apache JAMES
2022-09-08 07:40:09