Apache » James Server » 2.3.2 : Security Vulnerabilities, CVEs, CVSS score >= 3

cpe:2.3:a:apache:james_server:2.3.2:*:*:*:*:*:*:*

CVE-2017-12628

The JMX server embedded in Apache James, also used by the command line client is exposed to a java de-serialization issue, and thus can be used to execute arbitrary commands. As James exposes JMX socket by default only on local-host, this vulnerability can only be used for privilege escalation. Release 3.0.1 upgrades the incriminated library.
Max CVSS
7.8
EPSS Score
0.04%
Published
2017-10-20
Updated
2017-11-08

CVE-2015-7611

Public exploit
Apache James Server 2.3.2, when configured with file-based user repositories, allows attackers to execute arbitrary system commands via unspecified vectors.
Max CVSS
9.3
EPSS Score
78.94%
Published
2016-06-07
Updated
2018-10-09
2 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close