Описание
Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit. Vulnerable components includes the SMTP stack and IMAP APPEND command. This issue affects Apache James server version 3.7.2 and prior versions.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat build of Apache Camel for Spring Boot 3 | apache-james | Not affected | ||
| Red Hat build of Apicurio Registry 2 | apache-james | Not affected | ||
| Red Hat Data Grid 8 | apache-james | Not affected | ||
| Red Hat Decision Manager 7 | apache-james | Not affected | ||
| Red Hat Fuse 7 | apache-james | Not affected | ||
| Red Hat Integration Camel K 1 | apache-james | Not affected | ||
| Red Hat Integration Camel Quarkus 1 | apache-james | Not affected | ||
| Red Hat JBoss Data Grid 7 | apache-james | Not affected | ||
| Red Hat JBoss Data Virtualization 6 | apache-james | Not affected | ||
| Red Hat JBoss Enterprise Application Platform 6 | apache-james | Not affected |
Показывать по
10
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=2158908apache-james: Temporary File Information Disclosure
5.5 Medium
CVSS3
Связанные уязвимости
CVSS3: 5.5
nvd
около 3 лет назад
Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit. Vulnerable components includes the SMTP stack and IMAP APPEND command. This issue affects Apache James server version 3.7.2 and prior versions.
CVSS3: 5.5
github
около 3 лет назад
Apache James server allows an attacker with local access to access private user data in transit
5.5 Medium
CVSS3