CVE-2022-45935

Опубликовано: 06 янв. 2023

Источник: nvd

CVSS3: 5.5

EPSS Низкий

Описание

Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit.

Vulnerable components includes the SMTP stack and IMAP APPEND command.

This issue affects Apache James server version 3.7.2 and prior versions.

Ссылки

https://lists.apache.org/thread/j61fo8xc1rxtofrn8vc33whx35s9cj1d
Mailing List
Vendor Advisory
https://lists.apache.org/thread/j61fo8xc1rxtofrn8vc33whx35s9cj1d
Mailing List
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:james:*:*:*:*:*:*:*:*

Версия до 3.7.2 (включая)

EPSS

Процентиль: 32%

0.00125

Низкий

5.5 Medium

CVSS3

Дефекты

CWE-668

Связанные уязвимости

CVE-2022-45935

CVSS3: 5.5

redhat

около 3 лет назад

Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit. Vulnerable components includes the SMTP stack and IMAP APPEND command. This issue affects Apache James server version 3.7.2 and prior versions.

GHSA-v6vp-62vc-84qw

CVSS3: 5.5

github

около 3 лет назад

Apache James server allows an attacker with local access to access private user data in transit

EPSS

Процентиль: 32%

0.00125

Низкий

5.5 Medium

CVSS3

Дефекты

CWE-668