PT-2022-10736 · Apache · Apache James
Reported by: Benoit Tellier
Published: 2022-01-04 · Updated: 2022-10-27
CVE-2021-38542
CVSS v3.1: 5.9 (Medium)
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Apache James versions prior to 3.6.1
Description
The issue allows a buffering attack via the STARTTLS command, potentially enabling man-in-the-middle command injection. This could result in the leakage of sensitive information.
Recommendations
For versions prior to 3.6.1, update to release 3.6.1 or later to resolve the issue.
Fix
Use of a Broken Cryptographic Algorithm
Command Injection
Affected Products
Apache James