CVE-2023-26269

Description

Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. This allows privilege escalation by a malicious local user.

Administrators are advised to disable JMX, or set up a JMX password.

Note that version 3.7.4 onward will set up a JMX password automatically for Guice users.

NVD
Severity: HIGH
CVE ID: CVE-2023-26269
CVSS Score: 7.8
CVSS Metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Refrence: NVD MITRE

Proof Of Concept

mbadanoiu

CVE-2023-26269: Misconfigured JMX in Apache James

Refrence: GitHub

Description​

Proof Of Concept​

Description

Proof Of Concept