Apache James ManagedSieve implementation alongside with the file storage for sieve scripts is vulnerable to path traversal, allowing reading and writing any file. This vulnerability had been patched in Apache James 3.6.1 and higher. We recommend the upgrade. Distributed and Cassandra based products are also not impacted.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2022-01-04T08:55:25
Updated: 2024-08-04T02:44:10.863Z
Reserved: 2021-09-06T00:00:00
Link: CVE-2021-40525
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-01-04T09:15:07.423
Modified: 2024-11-21T06:24:19.323
Link: CVE-2021-40525
Redhat
No data.