Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:GHSA-PX7W-C9GW-7GJ3
HistoryFeb 27, 2024 - 9:31 a.m.

Apache James server: Privilege escalation via JMX pre-authentication deserialization

2024-02-2709:31:16
Google
osv.dev
8
apache james
privilege escalation
jmx
pre-authentication
deserialization
vulnerable version
upgrade
isolated environment
docker
virtual machine
turn off.

7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

Apache James prior to version 3.7.5 and 3.8.0 exposes a JMX endpoint on localhost subject to pre-authentication deserialisation of untrusted data.
Given a deserialisation gadjet, this could be leveraged as part of an exploit chain that could result in privilege escalation.
Note that by default JMX endpoint is only bound locally.

We recommend users to:
Ā - Upgrade to a non-vulnerable Apache James version

- Run Apache James isolated from other processes (docker - dedicated virtual machine)
Ā - If possible turn off JMX

Related

veracode 1
github 1
cvelist 1
nvd 1
prion 1
cve 1
veracode
veracode
Deserialization Of Untrusted Data
2024-02-29 08:00:04
github
github
Apache James server: Privilege escalation via JMX pre-authentication deserialization
2024-02-27 09:31:16
cvelist
cvelist
CVE-2023-51518 Apache James server: Privilege escalation via JMX pre-authentication deserialisation
2024-02-27 09:09:31
nvd
nvd
CVE-2023-51518
2024-02-27 09:15:36
prion
prion
Authentication flaw
2024-02-27 09:15:00
cve
cve
CVE-2023-51518
2024-02-27 09:15:36

7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON
Related for OSV:GHSA-PX7W-C9GW-7GJ3
veracode1github1cvelist1nvd1prion1cve1