VYPR
High severity7.8NVD Advisory· Published Oct 20, 2017· Updated Jun 17, 2026

CVE-2017-12628

CVE-2017-12628

Description

The JMX server embedded in Apache James, also used by the command line client is exposed to a java de-serialization issue, and thus can be used to execute arbitrary commands. As James exposes JMX socket by default only on local-host, this vulnerability can only be used for privilege escalation. Release 3.0.1 upgrades the incriminated library.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.james:james-projectMaven
< 3.0.13.0.1

Affected products

3

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.

CVE-2017-12628 · High · VYPR