CVE-2022-45935

EPSS 0.03%
Veröffentlicht 06.01.2023 10:15:10
Zuletzt bearbeitet 10.04.2025 14:15:24
Quelle security@apache.org
Teams Watchlist Login
Unerledigt Login

Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit. 

Vulnerable components includes the SMTP stack and IMAP APPEND command.

This issue affects Apache James server version 3.7.2 and prior versions.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ James Version <= 3.7.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.039

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-668 Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

https://lists.apache.org/thread/j61fo8xc1rxtofrn8vc33whx35s9cj1d

Vendor Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2022-45935

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-45935

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-45935

EUVD