org.apache.james: james-server is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to a JMX endpoint being exposed on localhost, allowing exploitation with a deserialization gadget, potentially resulting in privilege escalation or remote code execution.
CPE | Name | Operator | Version |
---|---|---|---|
apache james :: server | eq | 3.8.0 | |
apache james :: server | le | 3.7.4 | |
apache james :: server | eq | 3.8.0 | |
apache james :: server | le | 3.7.4 |