THREATINT
PUBLISHED

CVE-2023-26269

Apache James server: Privilege escalation through unauthenticated JMX



Assigner: apache
Reserved: 2023-02-21
Published: 2023-04-03
Updated: 2024-10-23

Description

Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. This allows privilege escalation by a malicious local user. Administrators are advised to disable JMX, or set up a JMX password. Note that version 3.7.4 onward will set up a JMX password automatically for Guice users.

Product status

Default status: unaffected

Any version: affected

Credits

Matei "Mal" Badanoiu (reporter)

References

https://lists.apache.org/thread/2z44rg93pflbjhvbwy3xtz505bx41cbs (vendor-advisory)

http://www.openwall.com/lists/oss-security/2023/04/18/3

cve.org CVE-2023-26269

nvd.nist.gov CVE-2023-26269
