Vulnerabilities > Apache > James > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-03 | CVE-2023-26269 | Missing Authorization vulnerability in Apache James Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. | 7.8 |
| 2022-09-08 | CVE-2022-28220 | Command Injection vulnerability in Apache James Apache James prior to release 3.6.3 and 3.7.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. | 7.5 |
| 2022-01-04 | CVE-2021-40110 | Unspecified vulnerability in Apache James 2.2.0/3.3.0/3.4.0 In Apache James, using Jazzer fuzzer, we identified that an IMAP user can craft IMAP LIST commands to orchestrate a Denial Of Service using a vulnerable Regular expression. | 7.5 |