Back to search
CVE-2021-40525
Published: Jan 4, 2022
Modified: Aug 4, 2024
PUBLISHED
Description
Apache James ManagedSieve implementation alongside with the file storage for sieve scripts is vulnerable to path traversal, allowing reading and writing any file. This vulnerability had been patched in Apache James 3.6.1 and higher. We recommend the upgrade. Distributed and Cassandra based products are also not impacted.
| Vendor | Product | Versions |
|---|---|---|
Apache Software Foundation | Apache James | affected Apache James - <= 3.6.0 |
Weaknesses (CWE)
References
https://www.openwall.com/lists/oss-security/2022/01/04/4
x_refsource_MISC
[oss-security] 20220104 CVE-2021-40525: Apache James: Sieve file storage vulnerable to path traversal attacks
mailing-list
x_refsource_MLIST
[oss-security] 20220207 CVE-2022-22931: Path traversal in Apache James
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now