PT-2023-14802 · Apache · Apache James Server

Benoit Tellier

Published: 2023-01-06

Updated: 2025-04-10

CVE-2022-45935

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions
Apache James server version 3.7.2 and prior versions

Description
The Apache James server uses temporary files with insecure permissions, which allows a local attacker to access private user data in transit. Vulnerable components include the SMTP stack and the IMAP APPEND command.

Recommendations
For Apache James server version 3.7.2 and prior versions, consider updating to a version that fixes the temporary file permissions issue as a permanent solution. As a temporary workaround, restrict access to the SMTP stack and the IMAP APPEND command to minimize the risk of exploitation.

Fix

Cleartext Transmission of Sensitive Information

Information Disclosure

Exposure of Resource to Wrong Sphere

Weakness Enumeration

Related identifiers

CVE-2022-45935
GHSA-V6VP-62VC-84QW

Affected products

Apache James Server