Vulnerabilities > Apache > James > 3.4.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-01-06 | CVE-2022-45935 | Exposure of Resource to Wrong Sphere vulnerability in Apache James Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit. | 5.5 |
2022-09-08 | CVE-2022-28220 | Command Injection vulnerability in Apache James Apache James prior to release 3.6.3 and 3.7.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. | 7.5 |
2022-01-04 | CVE-2021-38542 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Apache James 2.2.0/3.3.0/3.4.0 Apache James prior to release 3.6.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. | 5.9 |
2022-01-04 | CVE-2021-40525 | Path Traversal vulnerability in Apache James Apache James ManagedSieve implementation alongside with the file storage for sieve scripts is vulnerable to path traversal, allowing reading and writing any file. | 6.4 |
2019-04-17 | CVE-2019-0228 | XXE vulnerability in multiple products Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF. | 9.8 |