CVE-2023-51518
Apache James server: Privilege escalation via JMX pre-authentication deserialisation
Vexday Risk Score
48Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS 9.8EPSS 1.2%KEV nãoPoC públicaNuclei —Metasploit —Patch referenciado
Lifecycle
27 Feb 2024Published on NVD
03 Jun 2024Public PoC
Recommendation: Plan a near-term fix — a public PoC already exists.
Apache James prior to version 3.7.5 and 3.8.0 exposes a JMX endpoint on localhost subject to pre-authentication deserialisation of untrusted data.
Given a deserialisation gadjet, this could be leveraged as part of an exploit chain that could result in privilege escalation.
Note that by default JMX endpoint is only bound locally.
We recommend users to:
- Upgrade to a non-vulnerable Apache James version
- Run Apache James isolated from other processes (docker - dedicated virtual machine)
- If possible turn off JMX
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Apache Software Foundation · Apache James serverpublic PoCs found — 1
githubgithub.com/mbadanoiu/CVE-2023-51518★ 1⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →