Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. This allows privilege escalation by a
malicious local user.
Administrators are advised to disable JMX, or set up a JMX password.
Note that version 3.7.4 onward will set up a JMX password automatically for Guice users.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2023-04-03T07:59:13.228Z
Updated: 2024-08-02T11:46:24.411Z
Reserved: 2023-02-21T08:48:22.411Z
Link: CVE-2023-26269
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-04-03T08:15:07.087
Modified: 2023-04-18T03:15:07.593
Link: CVE-2023-26269
Redhat
No data.