First published: Tue Jan 04 2022
Apache James prior to release 3.6.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. Plaintext bytes that arrive in the same read as the STARTTLS command are kept in the server's input buffer across the TLS handshake and are then processed as if the client had sent them over the encrypted channel, so an on-path attacker who appends commands to a client's STARTTLS can have them executed inside the client's TLS session. This can result in man-in-the-middle command injection attacks, potentially leading to leakage of sensitive information.
Credit: security@apache.org
Affected Software | Affected Version | How to fix
---|---|---
Apache James | <3.6.1 | Upgrade to 3.6.1 or later
Apache James is an open-source email server and email client framework written in Java.
CVE-2021-38542 is a STARTTLS buffering vulnerability in Apache James prior to version 3.6.1: data received in plaintext together with the STARTTLS command is not discarded before the TLS handshake.
The impact of CVE-2021-38542 is that an on-path attacker can inject commands into a client's TLS session (man-in-the-middle command injection), with potential leakage of sensitive information.
The severity of CVE-2021-38542 is medium with a CVSS score of 5.9.
To fix CVE-2021-38542, you should upgrade Apache James to version 3.6.1 or later.
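The following is an added example, not code from Apache James or from this advisory: a toy STARTTLS-capable command handler that shows the buffering flaw described above next to the generic fix for this class of bug (refusing to execute anything that was still buffered in plaintext when STARTTLS was processed). The command names, response codes, the `Session` and `process` helpers and the injected payload are all constructed for the demonstration and do not describe James's actual protocol code or its 3.6.1 patch; the TLS handshake itself is reduced to flipping a flag, since the problem is entirely in what happens to the bytes already received.

```python
from dataclasses import dataclass, field


@dataclass
class Session:
    """State for one client connection of a toy STARTTLS-capable server (hypothetical)."""
    tls: bool = False
    closed: bool = False
    buf: bytes = b""                                   # received but not yet parsed
    executed: list = field(default_factory=list)       # (channel, command) pairs


def process(session: Session, data: bytes, hardened: bool) -> list:
    """Feed bytes as read from the socket and return the server's responses.

    hardened=False reproduces the buffering flaw: bytes that arrived in the same
    read as STARTTLS stay in session.buf and are executed after the handshake as
    though the client had sent them over the encrypted channel.
    hardened=True rejects any plaintext that was pipelined after STARTTLS.
    """
    responses = []
    session.buf += data
    while b"\r\n" in session.buf and not session.closed:
        line, _, session.buf = session.buf.partition(b"\r\n")
        cmd = line.strip().upper()
        if cmd == b"STARTTLS":
            if session.tls:
                responses.append(b"454 TLS already active")
                continue
            responses.append(b"220 Ready to start TLS")
            # On a real socket the TLS handshake happens here. Anything still in
            # session.buf was received in plaintext *before* the handshake.
            session.tls = True
            if session.buf:
                if hardened:
                    # Fixed behaviour: never execute plaintext that followed
                    # STARTTLS; drop it and close the connection.
                    responses.append(b"501 plaintext data after STARTTLS rejected")
                    session.buf = b""
                    session.closed = True
                # Vulnerable behaviour: session.buf is left as-is and the loop
                # goes on to execute it with session.tls already set.
            continue
        channel = "tls" if session.tls else "plain"
        session.executed.append((channel, cmd.decode("ascii", "replace")))
        responses.append(b"250 OK")
    return responses


# Constructed traffic for the demonstration (not captured from any real server).
CLIENT_STARTTLS = b"STARTTLS\r\n"
INJECTED = b"NOOP\r\nINJECTED CMD\r\n"   # hypothetical on-path attacker payload


def run_attack(hardened: bool) -> Session:
    """Simulate an on-path attacker appending commands to the client's STARTTLS."""
    s = Session()
    process(s, b"EHLO client.example\r\n", hardened)        # legitimate plaintext
    process(s, CLIENT_STARTTLS + INJECTED, hardened)        # one tampered TCP segment
    if not s.closed:
        # The client's first command after the handshake, sent over TLS.
        process(s, b"MAIL FROM:<alice@example>\r\n", hardened)
    return s


if __name__ == "__main__":
    for hardened in (False, True):
        s = run_attack(hardened)
        label = "hardened  " if hardened else "vulnerable"
        print(label, s.executed, "(connection closed)" if s.closed else "")
```

In the vulnerable run the two injected commands are recorded with channel `tls`, i.e. the server treats them as part of the client's encrypted session even though they were never protected by TLS; in the hardened run the leftover plaintext is rejected and the connection is closed before any of it runs. The same idea gives a manual check against a real server: pipeline `STARTTLS\r\nNOOP\r\n` in a single write, complete the handshake, and see whether the server answers the `NOOP` over TLS without the client having sent it there.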