← back
CVE-2022-22931

Path traversal in Apache James 3.6.1

EPSS 1.8%CWE-22
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 1.8%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
07 Feb 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Fix of CVE-2021-40525 do not prepend delimiters upon valid directory validations. Affected implementations include: - maildir mailbox store - Sieve file repository This enables a user to access other users data stores (limited to user names being prefixed by the value of the username being used).

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →