CVE-2022-45935

Apache James server: Temporary File Information Disclosure

CVSS 5.5 MEDIUMEPSS 0.4%CWE-668

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 5.5EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Lifecycle

06 Jan 2023Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit. Vulnerable components includes the SMTP stack and IMAP APPEND command. This issue affects Apache James server version 3.7.2 and prior versions.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected products

Apache Software Foundation · Apache James server

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://lists.apache.org/thread/j61fo8xc1rxtofrn8vc33whx35s9cj1d