By default Apache James opens a JMXRMI service that listens on localhost, port 9999. Because the JMX is misconfigured to allow unauthenticated access, an attacker that has local access to the machine running James can use a “MLet attack” in order to load arbitrary MBeans and execute malicious Java code.
Because the application requires elevated privileges to listen on SMTP, POP3, IMAP (25, 110, 143) ports, the application will usually be run as the “root” user increasing the impact of a potential Local Privilege Escalation (LPE) attack.
The vendor's disclosure and fix for this vulnerability can be found here.
More details and the exploitation process can be found in this PDF.