{"schema_version": "1.6.1", "id": "CVE-2023-26269", "summary": "Privilege escalation through unauthenticated JMX", "details": "Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. This allows privilege escalation by a \nmalicious local user.\n\nAdministrators are advised to disable JMX, or set up a JMX password.\n\nNote that version 3.7.4 onward will set up a JMX password automatically for Guice users.\n\n\n", "affected": [{"ranges": [{"type": "SEMVER", "events": [{"introduced": "0"}, {"last_affected": "0"}]}]}], "references": [{"type": "WEB", "url": "https://lists.apache.org/thread/2z44rg93pflbjhvbwy3xtz505bx41cbs"}]}