We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
Assigner | apache |
Reserved | 2023-02-21 |
Published | 2023-04-03 |
Updated | 2024-10-23 |
Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. This allows privilege escalation by a malicious local user. Administrators are advised to disable JMX, or set up a JMX password. Note that version 3.7.4 onward will set up a JMX password automatically for Guice users.
Matei "Mal" Badanoiu
https://lists.apache.org/thread/2z44rg93pflbjhvbwy3xtz505bx41cbs
http://www.openwall.com/lists/oss-security/2023/04/18/3