PT-2022-11250 · Apache · Apache James

Benoit Tellier · Published 2022-01-04 · Updated 2022-03-29

CVE-2021-40525

CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Apache James versions prior to 3.6.1

Description: The issue concerns a path traversal vulnerability in the Apache James ManagedSieve implementation, which affects the file storage for sieve scripts. This allows for the reading and writing of any file. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited.

Recommendations: For versions prior to 3.6.1, upgrade to Apache James 3.6.1 or higher to resolve the issue. As a temporary workaround, consider restricting access to the ManagedSieve implementation and the file storage for sieve scripts to minimize the risk of exploitation.
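The root cause described above is a client-supplied script name being turned into a filesystem path without a containment check. The following example, added here for illustration and not taken from Apache James or its ManagedSieve code, shows the defensive pattern a maintainer would apply: normalize the resolved path and refuse anything that leaves the per-user script directory. The class, method and directory names are assumptions.

```java
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.nio.file.Paths;

/**
 * Illustrative containment check for a Sieve script store.
 * Hypothetical code written for this advisory; it is not Apache James's
 * ManagedSieve implementation and all names here are assumptions.
 */
public final class SieveScriptPathGuard {

    private final Path scriptRoot;

    public SieveScriptPathGuard(Path scriptRoot) {
        // Canonicalize the root once so later comparisons are element-wise.
        this.scriptRoot = scriptRoot.toAbsolutePath().normalize();
    }

    /** Reject separators, NUL bytes and dot-segments in a single name element. */
    private static void requireSimpleName(String name, String what) {
        if (name == null || name.isEmpty()
                || name.contains("/") || name.contains("\\")
                || name.indexOf('\0') >= 0
                || name.equals(".") || name.equals("..")) {
            throw new IllegalArgumentException("invalid " + what);
        }
    }

    /**
     * Resolve a user's script name against the root. Both values arrive
     * from the network (the user via authentication, the name via the
     * ManageSieve protocol), so neither may become a path component
     * unchecked.
     */
    public Path resolveScript(String user, String scriptName) {
        requireSimpleName(user, "user name");
        requireSimpleName(scriptName, "script name");
        Path candidate;
        try {
            candidate = scriptRoot.resolve(user).resolve(scriptName)
                    .toAbsolutePath().normalize();
        } catch (InvalidPathException e) {
            throw new IllegalArgumentException("invalid script path", e);
        }
        // Defence in depth: even after the name checks, require that the
        // normalized path is strictly inside the root. Path.startsWith
        // compares whole name elements, so "/var/james/sieve2" does not
        // falsely match a root of "/var/james/sieve".
        if (!candidate.startsWith(scriptRoot) || candidate.equals(scriptRoot)) {
            throw new IllegalArgumentException("script path escapes storage root");
        }
        return candidate;
    }

    public static void main(String[] args) {
        // Constructed sample root and inputs; no files are touched.
        SieveScriptPathGuard guard =
                new SieveScriptPathGuard(Paths.get("/var/james/sieve"));
        System.out.println(guard.resolveScript("alice", "vacation.sieve"));
        try {
            guard.resolveScript("alice", "../../other/file");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The name check alone would suffice for this input shape; the containment check is kept as a second, independent control so that a future change to how names are accepted cannot silently reopen the traversal.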

Fix

Path traversal


Weakness Enumeration

Related Identifiers

CVE-2021-40525
GHSA-C38M-7H53-G9V4

Affected Products

Apache James