CVE-2021-38542
published 2022-01-04CVE-2021-38542: Apache James prior to release 3.6.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. This can result in Man-in -the-middle…
medium5.9CVSS 3.1
AVNACHPRNUINSUCHINAN
Apache James prior to release 3.6.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. This can result in Man-in -the-middle command injection attacks, leading potentially to leakage of sensible information.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | james | < 3.6.1 | 3.6.1 |
| apache | james | <= 3.6.2 | — |
| apache | james | — | — |
| apache_software_foundation | apache_james | Apache James – 3.6.2 | — |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
ghsa5.9MEDIUM
osv5.9MEDIUM