Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
prionPRIOn knowledge basePRION:CVE-2023-51518
HistoryFeb 27, 2024 - 9:15 a.m.

Authentication flaw

2024-02-2709:15:00
PRIOn knowledge base
www.prio-n.com
2
apache james
jmx endpoint
pre-authentication deserialization
privilege escalation
upgrade
isolation
docker
virtual machine
turn off jmx
vulnerability

7.1 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

JSON

Apache James prior to version 3.7.5 and 3.8.0 exposes a JMX endpoint on localhost subject to pre-authentication deserialisation of untrusted data.
Given a deserialisation gadjet, this could be leveraged as part of an exploit chain that could result in privilege escalation.
Note that by default JMX endpoint is only bound locally.

We recommend users to:
Ā - Upgrade to a non-vulnerable Apache James version

- Run Apache James isolated from other processes (docker - dedicated virtual machine)
Ā - If possible turn off JMX

Related

veracode 1
github 1
cvelist 1
nvd 1
osv 1
cve 1
veracode
veracode
Deserialization Of Untrusted Data
2024-02-29 08:00:04
github
github
Apache James server: Privilege escalation via JMX pre-authentication deserialization
2024-02-27 09:31:16
cvelist
cvelist
CVE-2023-51518 Apache James server: Privilege escalation via JMX pre-authentication deserialisation
2024-02-27 09:09:31
nvd
nvd
CVE-2023-51518
2024-02-27 09:15:36
osv
osv
Apache James server: Privilege escalation via JMX pre-authentication deserialization
2024-02-27 09:31:16
cve
cve
CVE-2023-51518
2024-02-27 09:15:36

7.1 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

JSON
Related for PRION:CVE-2023-51518
veracode1github1cvelist1nvd1osv1cve1