CVE-2022-45935

2023-01-0610:15:10

CWE-668

[email protected]

web.nvd.nist.gov

cve-2022-45935

apache james server

local access

user data

insecure permissions

nvd

vulnerability

security issue

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit.

Vulnerable components includes the SMTP stack and IMAP APPEND command.

This issue affects Apache James server version 3.7.2 and prior versions.

Affected configurations

Vulners

NVD

Node

apachejames_serverRange≤3.7.2

CPENameOperatorVersion
apache:jamesapache jamesle3.7.2

CPE	Name	Operator	Version
apache:james	apache james	le	3.7.2

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Apache James server",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThanOrEqual": "3.7.2",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]