PT-2023-14802 · Apache · Apache James Server
Benoit Tellier · Published 2023-01-06 · Updated 2025-04-10 · CVE-2022-45935
| CVSS v3.1 | 5.5 Medium |
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Apache James server version 3.7.2 and prior versions
Description
The issue allows an attacker with local access to read private user data in transit, because the Apache James server uses temporary files with insecure permissions. Vulnerable components include the SMTP stack and the IMAP APPEND command.
Recommendations
For Apache James server version 3.7.2 and prior versions, consider updating to a version that fixes the temporary file permissions issue as a permanent solution. As a temporary workaround, restrict access to the SMTP stack and the IMAP APPEND command to minimize the risk of exploitation.
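The following is an added illustration of the bug class described above, not code from Apache James or from this advisory. It contrasts a temporary file whose mode is left to the process umask with one created owner-only, and checks each for group or other access. It assumes a POSIX filesystem; the class name, method names and sample message are constructed.

```java
import java.io.File;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.FileAttribute;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Set;

public class TempFilePermissions {
    // Constructed sample standing in for message data buffered to disk.
    static final byte[] SAMPLE = "Subject: constructed sample\r\n\r\nprivate body\r\n"
            .getBytes(StandardCharsets.US_ASCII);

    // Weak pattern: the file mode is 0666 masked by the process umask
    // (commonly 0644), so other local accounts may be able to read it.
    static Path spoolWeak() throws IOException {
        Path p = File.createTempFile("spool-", ".tmp").toPath();
        Files.write(p, SAMPLE);
        return p;
    }

    // Hardened pattern: owner-only permissions are requested at creation,
    // so there is no window in which the file is readable by others.
    static Path spoolHardened() throws IOException {
        FileAttribute<Set<PosixFilePermission>> ownerOnly =
                PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rw-------"));
        Path p = Files.createTempFile("spool-", ".tmp", ownerOnly);
        Files.write(p, SAMPLE);
        return p;
    }

    // True when group or other holds any permission bit on the file.
    static boolean exposed(Path p) throws IOException {
        Set<PosixFilePermission> groupOrOther = PosixFilePermissions.fromString("---rwxrwx");
        return Files.getPosixFilePermissions(p).stream().anyMatch(groupOrOther::contains);
    }

    public static void main(String[] args) throws IOException {
        for (Path p : new Path[] { spoolWeak(), spoolHardened() }) {
            String mode = PosixFilePermissions.toString(Files.getPosixFilePermissions(p));
            System.out.println(p + " " + mode + (exposed(p) ? " EXPOSED" : " ok"));
            Files.delete(p);
        }
    }
}
```

The result for the weak variant depends on the umask of the account running the JVM, which is why a restrictive umask on the service account reduces exposure but does not replace explicit permissions in code.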
Fix
Cleartext Transmission of Sensitive Information
Information Disclosure
Exposure of Resource to Wrong Sphere
Related Identifiers
Affected Products
Apache James Server