CVE-2022-45935

EPSS 0.03%
Published 06.01.2023 10:15:10
Last modified 10.04.2025 14:15:24
Source security@apache.org
Teams watchlist Login
Open Login

Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit. 

Vulnerable components includes the SMTP stack and IMAP APPEND command.

This issue affects Apache James server version 3.7.2 and prior versions.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Apache ≫ James Version <= 3.7.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.039

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-668 Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

https://lists.apache.org/thread/j61fo8xc1rxtofrn8vc33whx35s9cj1d

Vendor Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2022-45935

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-45935

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-45935

EUVD