Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2023-51518
HistoryFeb 27, 2024 - 9:15 a.m.

CVE-2023-51518

2024-02-2709:15:36
CWE-502
[email protected]
web.nvd.nist.gov
2154
apache james
cve-2023-51518
jmx endpoint
deserialisation
exploit chain
privilege escalation
security
vulnerability
nvd
patch
upgrade
isolation
docker
virtual machine

7.3 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

8.7%

JSON

Apache James prior to version 3.7.5 and 3.8.0 exposes a JMX endpoint on localhost subject to pre-authentication deserialisation of untrusted data.
Given a deserialisation gadjet, this could be leveraged as part of an exploit chain that could result in privilege escalation.
Note that by default JMX endpoint is only bound locally.

We recommend users to:
Ā - Upgrade to a non-vulnerable Apache James version

- Run Apache James isolated from other processes (docker - dedicated virtual machine)
Ā - If possible turn off JMX

Related

veracode 1
cvelist 1
osv 1
github 1
prion 1
veracode
veracode
Deserialization Of Untrusted Data
2024-02-29 08:00:04
cvelist
cvelist
CVE-2023-51518 Apache James server: Privilege escalation via JMX pre-authentication deserialisation
2024-02-27 09:09:31
osv
osv
Apache James server: Privilege escalation via JMX pre-authentication deserialization
2024-02-27 09:31:16
github
github
Apache James server: Privilege escalation via JMX pre-authentication deserialization
2024-02-27 09:31:16
prion
prion
Authentication flaw
2024-02-27 09:15:00

7.3 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

8.7%

JSON
Related for CVE-2023-51518
veracode1cvelist1osv1github1prion1