ID CVE-2023-26269
Summary Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. This allows privilege escalation by a malicious local user. Administrators are advised to disable JMX, or set up a JMX password. Note that version 3.7.4 onward will set up a JMX password automatically for Guice users.
Vulnerable Configurations
  • cpe:2.3:a:apache:james:-:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:james:2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:james:3.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:james:3.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:james:3.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:james:3.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:james:3.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:james:3.7.3:*:*:*:*:*:*:*
CVSS
Base: None
CWE CWE-862
Last major update 18-04-2023 - 03:15
Published 03-04-2023 - 08:15
Last modified 18-04-2023 - 03:15