CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Apache: >> James >> 3.7.3 Security Vulnerabilities

CVE-2023-26269

Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. This allows privilege escalation by a malicious local user. Administrators are advised to disable JMX, or set up a JMX password. Note that version 3.7.4 onward will set up a JMX password automatically for Guice users.

CVSS Score

7.8

EPSS Score

0.012

Published

2023-04-03

Page 1

Vulnerabilities

Vulnerable Software

Apache: >> James >> 3.7.3 Security Vulnerabilities

Products

Pricing

Contact Us