9.8

CVSS Score

Basic Information

CVE ID

CVE-2023-51518

GHSA ID

GHSA-px7w-c9gw-7gj3

EPSS Score

CWE

CWE-502

Published

2/27/2024

Updated

8/23/2024

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-51518

CVE-2023-51518:
Apache James server: Privilege escalation via JMX pre-authentication deserialization

Apache James prior to version 3.7.5 and 3.8.0 exposes a JMX endpoint on localhost subject to pre-authentication deserialisation of untrusted data. Given a deserialisation gadjet, this could be leveraged as part of an exploit chain that could result in privilege escalation. Note that by default JMX endpoint is only bound locally.

We recommend users to: - Upgrade to a non-vulnerable Apache James version

- Run Apache James isolated from other processes (docker - dedicated virtual machine) - If possible turn off JMX

(GitHub Advisory)

9.8

CVSS Score

Basic Information

CVE ID

CVE-2023-51518

GHSA ID

GHSA-px7w-c9gw-7gj3

EPSS Score

CWE

CWE-502

Published

2/27/2024

Updated

8/23/2024

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.apache.james:james-server	maven	<= 3.7.4	3.7.5
org.apache.james:james-server	maven	>= 3.8.0, < 3.8.1	3.8.1

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability involves insecure JMX endpoint configuration enabling pre-authentication deserialization. The primary entry point for JMX setup in Apache James would reside in a utility class like JmxUtil. The createJMXConnectorServer method would be responsible for configuring the JMX environment, including authentication settings. In vulnerable versions, this method likely omitted critical security properties (e.g., 'com.sun.management.jmxremote.authenticate'), allowing deserialization before authentication. The medium confidence reflects the lack of direct patch evidence, but aligns with JMX vulnerability patterns and CWE-502 context.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*p**** J*m*s prior to v*rsion *.*.* *n* *.*.* *xpos*s * JMX *n*point on lo**l*ost su*j**t to pr*-*ut**nti**tion **s*ri*lis*tion o* untrust** **t*. *iv*n * **s*ri*lis*tion ***j*t, t*is *oul* ** l*v*r**** *s p*rt o* *n *xploit ***in t**t *oul* r*sult i

Reasoning

T** vuln*r**ility involv*s ins**ur* JMX *n*point *on*i*ur*tion *n**lin* pr*-*ut**nti**tion **s*ri*liz*tion. T** prim*ry *ntry point *or JMX s*tup in *p**** J*m*s woul* r*si** in * utility *l*ss lik* JmxUtil. T** *r**t*JMX*onn**torS*rv*r m*t*o* woul*

9.8

Basic Information

Concerned about an active attack path?

CVE-2023-51518: Apache James server: Privilege escalation via JMX pre-authentication deserialization

9.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2023-51518:
Apache James server: Privilege escalation via JMX pre-authentication deserialization

Vulnerability Intelligence
Miggo AI