Vulnerabilities > Apache > James > High

DATE CVE VULNERABILITY TITLE RISK
2023-04-03 CVE-2023-26269 Unspecified vulnerability in Apache James
Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default.
local
low complexity
apache
7.8
2022-09-08 CVE-2022-28220 Command Injection vulnerability in Apache James
Apache James prior to release 3.6.3 and 3.7.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command.
network
low complexity
apache CWE-77
7.5
2022-01-04 CVE-2021-40110 Unspecified vulnerability in Apache James 2.2.0/3.3.0/3.4.0
In Apache James, using Jazzer fuzzer, we identified that an IMAP user can craft IMAP LIST commands to orchestrate a Denial Of Service using a vulnerable Regular expression.
network
low complexity
apache
7.5