Vulnerabilities > Apache > James > 3.7.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-03 | CVE-2023-26269 | Unspecified vulnerability in Apache James Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. | 7.8 |
| 2023-01-06 | CVE-2022-45935 | Unspecified vulnerability in Apache James Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit. | 5.5 |
| 2022-09-08 | CVE-2022-28220 | Command Injection vulnerability in Apache James Apache James prior to release 3.6.3 and 3.7.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. | 7.5 |