PT-2017-12610 · Apache · Apache James

Published: 2017-10-20 · Updated: 2022-05-17 · CVE-2017-12628

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Apache James versions prior to 3.0.1

Description

The issue is a Java deserialization flaw in the JMX server embedded in Apache James, which can be exploited to execute arbitrary commands. Because the JMX socket is exposed by default only on the local host, this can be used for privilege escalation.

Recommendations

For versions prior to 3.0.1, upgrade to release 3.0.1 to resolve the issue.

Fix

Weakness Enumeration

Deserialization of Untrusted Data

Related Identifiers

CVE-2017-12628
GHSA-XJ7Q-Q94C-6WR3

Affected Products

Apache James