Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. This allows privilege escalation by a
malicious local user.
Administrators are advised to disable JMX, or set up a JMX password.
Note that version 3.7.4 onward will set up a JMX password automatically for Guice users.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: apache
Published: 2023-04-03T07:59:13.228Z
Updated: 2023-04-03T07:59:13.228Z
Reserved: 2023-02-21T08:48:22.411Z
Link: CVE-2023-26269
JSON object: View
NVD Information
Status : Modified
Published: 2023-04-03T08:15:07.087
Modified: 2023-04-18T03:15:07.593
Link: CVE-2023-26269
JSON object: View
Redhat Information
No data.
CWE