Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2023-51518
HistoryFeb 27, 2024 - 9:15 a.m.

CVE-2023-51518

2024-02-2709:15:36
CWE-502
[email protected]
web.nvd.nist.gov
apache james
jmx
deserialization vulnerability
privilege escalation
upgrade
isolation
docker
virtual machine
jmx endpoint
localhost

6.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

Apache James prior to version 3.7.5 and 3.8.0 exposes a JMX endpoint on localhost subject to pre-authentication deserialisation of untrusted data.
Given a deserialisation gadjet, this could be leveraged as part of an exploit chain that could result in privilege escalation.
Note that by default JMX endpoint is only bound locally.

We recommend users to:
Ā - Upgrade to a non-vulnerable Apache James version

- Run Apache James isolated from other processes (docker - dedicated virtual machine)
Ā - If possible turn off JMX

Related

veracode 1
github 1
cvelist 1
osv 1
prion 1
cve 1
veracode
veracode
Deserialization Of Untrusted Data
2024-02-29 08:00:04
github
github
Apache James server: Privilege escalation via JMX pre-authentication deserialization
2024-02-27 09:31:16
cvelist
cvelist
CVE-2023-51518 Apache James server: Privilege escalation via JMX pre-authentication deserialisation
2024-02-27 09:09:31
osv
osv
Apache James server: Privilege escalation via JMX pre-authentication deserialization
2024-02-27 09:31:16
prion
prion
Authentication flaw
2024-02-27 09:15:00
cve
cve
CVE-2023-51518
2024-02-27 09:15:36

6.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON
Related for NVD:CVE-2023-51518
veracode1github1cvelist1osv1prion1cve1