CVE-2022-45935

Published: Jan 6, 2023Modified: Apr 10, 2025

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit. Vulnerable components includes the SMTP stack and IMAP APPEND command. This issue affects Apache James server version 3.7.2 and prior versions.

Affected (1)

Products: Apache: James

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Apache James	Up to 3.7.2

Related CWEs

Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

References (2)

https://lists.apache.org/thread/j61fo8xc1rxtofrn8vc33whx35s9cj1d

Source: security@apache.org

Mailing ListVendor Advisory

https://lists.apache.org/thread/j61fo8xc1rxtofrn8vc33whx35s9cj1d

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListVendor Advisory

Timeline

No history available yet.