Product
apache james
14 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2023-51747
all versions
Apache James prior to versions 3.8.1 and 3.7.5 is vulnerable to SMTP smuggling. A lenient behaviour in line delimiter handling mi
7.1
HIGH
CVE-2023-51518
all versions
Apache James prior to version 3.7.5 and 3.8.0 exposes a JMX endpoint on localhost subject to pre-authentication deserialisation of
9.8
CRITICAL
CVE-2023-26269
< 3.7.4
Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. This allows pri
7.8
HIGH
CVE-2022-45935
<= 3.7.2
Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access priva
5.5
MEDIUM
CVE-2022-45787
< 0.8.9
Unproper laxist permissions on the temporary files used by MIME4J TempFileStorageProvider may lead to information disclosure to ot
5.5
MEDIUM
CVE-2022-28220
<= 3.6.2
Apache James prior to release 3.6.3 and 3.7.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. Fix
7.5
HIGH
CVE-2022-22931
all versions
Fix of CVE-2021-40525 do not prepend delimiters upon valid directory validations. Affected implementations include: - maildir mail
4.3
MEDIUM
CVE-2021-40525
< 3.6.2
Apache James ManagedSieve implementation alongside with the file storage for sieve scripts is vulnerable to path traversal, allowi
9.1
CRITICAL
CVE-2021-40111
< 3.6.1
In Apache James, while fuzzing with Jazzer the IMAP parsing stack, we discover that crafted APPEND and STATUS IMAP command could b
6.5
MEDIUM
CVE-2021-40110
< 3.6.1
In Apache James, using Jazzer fuzzer, we identified that an IMAP user can craft IMAP LIST commands to orchestrate a Denial Of Serv
7.5
HIGH
CVE-2021-38542
< 3.6.1
Apache James prior to release 3.6.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. This can resul
5.9
MEDIUM
CVE-2019-0228
all versions
Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External
9.8
CRITICAL
CVE-2006-2806
all versions
The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of servic
CVE-2004-2650
all versions
Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering variou
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin