Apache Software Foundation James 3.7.0

CPE Details

Apache Software Foundation James 3.7.0
apache
james
3.7.0
2022-09-13
15h39 +00:00
2022-09-19
09h14 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:apache:james:3.7.0:*:*:*:*:*:*:*

Informations

Vendor

apache

Product

james

Version

3.7.0

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2023-26269 2023-04-03 07h59 +00:00 Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. This allows privilege escalation by a malicious local user. Administrators are advised to disable JMX, or set up a JMX password. Note that version 3.7.4 onward will set up a JMX password automatically for Guice users.
7.8
Haute
CVE-2022-45935 2023-01-06 09h33 +00:00 Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit. Vulnerable components includes the SMTP stack and IMAP APPEND command. This issue affects Apache James server version 3.7.2 and prior versions.
5.5
Moyen
CVE-2022-28220 2022-09-08 05h40 +00:00 Apache James prior to release 3.6.3 and 3.7.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. Fix of CVE-2021-38542, which solved similar problem fron Apache James 3.6.1, is subject to a parser differential and do not take into account concurrent requests.
7.5
Haute