CVE-2021-40525

Apache James ManagedSieve implementation alongside with the file storage for sieve scripts is vulnerable to path traversal, allowing reading and writing any file. This vulnerability had been patched in Apache James 3.6.1 and higher. We recommend the upgrade. Distributed and Cassandra based products are also not impacted.
References
Link Resource
http://www.openwall.com/lists/oss-security/2022/01/04/4 Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/02/07/1 Mailing List Third Party Advisory
https://www.openwall.com/lists/oss-security/2022/01/04/4 Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/01/04/4 Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/02/07/1 Mailing List Third Party Advisory
https://www.openwall.com/lists/oss-security/2022/01/04/4 Mailing List Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:james:*:*:*:*:*:*:*:*

History

21 Nov 2024, 06:24

Type Values Removed Values Added
References () http://www.openwall.com/lists/oss-security/2022/01/04/4 - Mailing List, Third Party Advisory () http://www.openwall.com/lists/oss-security/2022/01/04/4 - Mailing List, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2022/02/07/1 - Mailing List, Third Party Advisory () http://www.openwall.com/lists/oss-security/2022/02/07/1 - Mailing List, Third Party Advisory
References () https://www.openwall.com/lists/oss-security/2022/01/04/4 - Mailing List, Third Party Advisory () https://www.openwall.com/lists/oss-security/2022/01/04/4 - Mailing List, Third Party Advisory

29 Mar 2022, 16:34

Type Values Removed Values Added
References (MLIST) http://www.openwall.com/lists/oss-security/2022/02/07/1 - (MLIST) http://www.openwall.com/lists/oss-security/2022/02/07/1 - Mailing List, Third Party Advisory

07 Feb 2022, 10:15

Type Values Removed Values Added
References
  • (MLIST) http://www.openwall.com/lists/oss-security/2022/02/07/1 -

12 Jan 2022, 19:29

Type Values Removed Values Added
CWE CWE-22
CPE cpe:2.3:a:apache:james:*:*:*:*:*:*:*:*
References (MISC) https://www.openwall.com/lists/oss-security/2022/01/04/4 - (MISC) https://www.openwall.com/lists/oss-security/2022/01/04/4 - Mailing List, Third Party Advisory
References (MLIST) http://www.openwall.com/lists/oss-security/2022/01/04/4 - (MLIST) http://www.openwall.com/lists/oss-security/2022/01/04/4 - Mailing List, Third Party Advisory
CVSS v2 : unknown
v3 : unknown
v2 : 6.4
v3 : 9.1

04 Jan 2022, 10:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-01-04 09:15

Updated : 2024-11-21 06:24


NVD link : CVE-2021-40525

Mitre link : CVE-2021-40525

CVE.ORG link : CVE-2021-40525


JSON object : View

Products Affected

apache

  • james
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')