Vulnerabilities > Apache > James Server > High

DATE CVE VULNERABILITY TITLE RISK
2017-10-20 CVE-2017-12628 Deserialization of Untrusted Data vulnerability in Apache James Server 2.3.2/2.3.2.1/3.0.0
The JMX server embedded in Apache James, also used by the command line client is exposed to a java de-serialization issue, and thus can be used to execute arbitrary commands.
local
low complexity
apache CWE-502
7.8
2016-06-07 CVE-2015-7611 OS Command Injection vulnerability in Apache James Server 2.3.2
Apache James Server 2.3.2, when configured with file-based user repositories, allows attackers to execute arbitrary system commands via unspecified vectors.
network
high complexity
apache CWE-78
8.1