Every CVE whose affected-product data names Apache James, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (14)
CVE-2019-0228 — CVSS 9.8 (critical): Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity…
CVE-2023-51518 — CVSS 9.8 (critical): Apache James prior to version 3.7.5 and 3.8.0 exposes a JMX endpoint on localhost subject to pre-authentication deserialisation of…
CVE-2021-40525 — CVSS 9.1 (critical): Apache James ManagedSieve implementation alongside with the file storage for sieve scripts is vulnerable to path traversal, allowing…
CVE-2023-26269 — CVSS 7.8 (high): Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. This allows privilege…
CVE-2006-2806 — CVSS 7.8 (high): The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU…
CVE-2022-28220 — CVSS 7.5 (high): Apache James prior to release 3.6.3 and 3.7.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. Fix of…
CVE-2021-40110 — CVSS 7.5 (high): In Apache James, using Jazzer fuzzer, we identified that an IMAP user can craft IMAP LIST commands to orchestrate a Denial Of Service using…
CVE-2023-51747 — CVSS 7.1 (high): Apache James prior to versions 3.8.1 and 3.7.5 is vulnerable to SMTP smuggling. A lenient behaviour in line delimiter handling might create…
CVE-2021-40111 — CVSS 6.5 (medium): In Apache James, while fuzzing with Jazzer the IMAP parsing stack, we discover that crafted APPEND and STATUS IMAP command could be used to…
CVE-2021-38542 — CVSS 5.9 (medium): Apache James prior to release 3.6.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. This can result in…
CVE-2022-45787 — CVSS 5.5 (medium): Unproper laxist permissions on the temporary files used by MIME4J TempFileStorageProvider may lead to information disclosure to other local…
CVE-2022-45935 — CVSS 5.5 (medium): Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user…
CVE-2004-2650 — CVSS 4.9 (medium): Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error…
CVE-2022-22931 — CVSS 4.3 (medium): Fix of CVE-2021-40525 do not prepend delimiters upon valid directory validations. Affected implementations include: - maildir mailbox store…