Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2021-40525 Vulnerability in maven package org.apache.james:james-server

Description

Apache James ManagedSieve implementation alongside with the file storage for sieve scripts is vulnerable to path traversal, allowing reading and writing any file. This vulnerability had been patched in Apache James 3.6.1 and higher. We recommend the upgrade. Distributed and Cassandra based products are also not impacted.

Remediation

References

http://www.openwall.com/lists/oss-security/2022/01/04/4

http://www.openwall.com/lists/oss-security/2022/02/07/1

https://www.openwall.com/lists/oss-security/2022/01/04/4

Related Vulnerabilities

CVE-2023-31453 Vulnerability in maven package org.apache.inlong:manager-web

CVE-2021-32809 Vulnerability in npm package ckeditor4

CVE-2019-16574 Vulnerability in maven package com.alauda.jenkins.plugins:alauda-devops-pipeline

CVE-2019-16571 Vulnerability in maven package org.jenkins-ci.plugins:rapiddeploy-jenkins

CVE-2019-10246 Vulnerability in maven package org.eclipse.jetty:jetty-util

Severity

Critical

Classification

CWE-22 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Tags

Mailing List Third Party Advisory