org.apache.james:james-server-core is vulnerable to Information Disclosure. A local attacker is able to access private user data in transit due to the use of temporary files with insecure permissions which includes in the SMTP
stack and IMAP APPEND
command’s vulnerable components, resulting in disclosure of sensitive information.
CPE | Name | Operator | Version |
---|---|---|---|
apache james :: server :: core | le | 3.7.2 | |
apache james :: server :: core | le | 3.7.2 |