CVE-2022-45935

Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit. Vulnerable components includes the SMTP stack and IMAP APPEND command. This issue affects Apache James server version 3.7.2 and prior versions.
References
Link Resource
https://lists.apache.org/thread/j61fo8xc1rxtofrn8vc33whx35s9cj1d Mailing List Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:james:*:*:*:*:*:*:*:*

History

12 Jul 2023, 11:15

Type Values Removed Values Added
Summary Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit. Vulnerable components includes the SMTP stack and IMAP APPEND command. This issue affects Apache James server version 3.7.2 and prior versions. Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit. Vulnerable components includes the SMTP stack and IMAP APPEND command. This issue affects Apache James server version 3.7.2 and prior versions.

07 Jul 2023, 19:03

Type Values Removed Values Added
CWE CWE-319 CWE-668

Information

Published : 2023-01-06 10:15

Updated : 2024-02-28 19:51


NVD link : CVE-2022-45935

Mitre link : CVE-2022-45935

CVE.ORG link : CVE-2022-45935


JSON object : View

Products Affected

apache

  • james
CWE
CWE-668

Exposure of Resource to Wrong Sphere