Lucene search

[email protected]CVE-2022-45935

HistoryJan 06, 2023 - 10:15 a.m.

CVE-2022-45935

2023-01-0610:15:10

CWE-668

[email protected]

web.nvd.nist.gov

cve-2022-45935

apache james server

local access

user data

insecure permissions

nvd

vulnerability

security issue

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.3 Medium

AI Score

Confidence

High

1.7 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:S/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.2%

JSON

Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit.

Vulnerable components includes the SMTP stack and IMAP APPEND command.

This issue affects Apache James server version 3.7.2 and prior versions.

CPENameOperatorVersion
apache:jamesapache jamesle3.7.2
apache:jamesapache jameseq-
apache:jamesapache jameseq3.7.0
apache:jamesapache jameseq3.3.0
apache:jamesapache jameseq3.6.1
apache:jamesapache jameseq3.6.2
apache:jamesapache jameseq3.4.0
apache:jamesapache jameseq2.2.0

CPE	Name	Operator	Version
apache:james	apache james	le	3.7.2
apache:james	apache james	eq	-
apache:james	apache james	eq	3.7.0
apache:james	apache james	eq	3.3.0
apache:james	apache james	eq	3.6.1
apache:james	apache james	eq	3.6.2
apache:james	apache james	eq	3.4.0
apache:james	apache james	eq	2.2.0