ID CVE-2022-45935
Summary Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit. Vulnerable components includes the SMTP stack and IMAP APPEND command. This issue affects Apache James server version 3.7.2 and prior versions.
References
Vulnerable Configurations
  • cpe:2.3:a:apache:james:-:*:*:*:*:*:*:*
    cpe:2.3:a:apache:james:-:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:james:2.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:james:2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:james:3.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:james:3.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:james:3.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:james:3.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:james:3.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:james:3.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:james:3.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:james:3.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:james:3.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:james:3.7.0:*:*:*:*:*:*:*
CVSS
Base: None
Impact:
Exploitability:
CWE CWE-668
CAPEC
Access
VectorComplexityAuthentication
Impact
ConfidentialityIntegrityAvailability
Last major update 12-07-2023 - 11:15
Published 06-01-2023 - 10:15
Last modified 12-07-2023 - 11:15
Back to Top