First published: Fri Jan 06 2023
A flaw was found in Apache James's Mime4j TempFileStorageProvider class, where it may set improper permissions when utilizing temporary files. This flaw allows a locally authorized attacker to access information outside their intended permissions.
Credit: security@apache.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/eap7-activemq-artemis-native | <1:1.0.2-3.redhat_00004.1.el8ea | 1:1.0.2-3.redhat_00004.1.el8ea |
redhat/eap7-apache-mime4j | <0:0.8.9-1.redhat_00001.1.el8ea | 0:0.8.9-1.redhat_00001.1.el8ea |
redhat/eap7-artemis-native | <1:1.0.2-4.redhat_00004.1.el8ea | 1:1.0.2-4.redhat_00004.1.el8ea |
redhat/eap7-artemis-wildfly-integration | <0:1.0.7-1.redhat_00001.1.el8ea | 0:1.0.7-1.redhat_00001.1.el8ea |
redhat/eap7-infinispan | <0:11.0.17-1.Final_redhat_00001.1.el8ea | 0:11.0.17-1.Final_redhat_00001.1.el8ea |
redhat/eap7-ironjacamar | <0:1.5.11-1.Final_redhat_00001.1.el8ea | 0:1.5.11-1.Final_redhat_00001.1.el8ea |
redhat/eap7-jboss-ejb-client | <0:4.0.50-1.Final_redhat_00001.1.el8ea | 0:4.0.50-1.Final_redhat_00001.1.el8ea |
redhat/eap7-jboss-metadata | <0:13.4.0-1.Final_redhat_00001.1.el8ea | 0:13.4.0-1.Final_redhat_00001.1.el8ea |
redhat/eap7-jboss-server-migration | <0:1.10.0-26.Final_redhat_00025.1.el8ea | 0:1.10.0-26.Final_redhat_00025.1.el8ea |
redhat/eap7-jbossws-cxf | <0:5.4.8-1.Final_redhat_00001.1.el8ea | 0:5.4.8-1.Final_redhat_00001.1.el8ea |
redhat/eap7-jbossws-spi | <0:3.4.0-2.Final_redhat_00001.1.el8ea | 0:3.4.0-2.Final_redhat_00001.1.el8ea |
redhat/eap7-netty | <0:4.1.86-1.Final_redhat_00001.1.el8ea | 0:4.1.86-1.Final_redhat_00001.1.el8ea |
redhat/eap7-netty-transport-native-epoll | <0:4.1.86-1.Final_redhat_00001.1.el8ea | 0:4.1.86-1.Final_redhat_00001.1.el8ea |
redhat/eap7-picketlink-federation | <0:2.5.5-22.SP12_redhat_00012.1.el8ea | 0:2.5.5-22.SP12_redhat_00012.1.el8ea |
redhat/eap7-resteasy | <0:3.15.5-1.Final_redhat_00001.1.el8ea | 0:3.15.5-1.Final_redhat_00001.1.el8ea |
redhat/eap7-snakeyaml | <0:1.33.0-2.SP1_redhat_00001.1.el8ea | 0:1.33.0-2.SP1_redhat_00001.1.el8ea |
redhat/eap7-undertow | <0:2.2.23-1.SP2_redhat_00001.1.el8ea | 0:2.2.23-1.SP2_redhat_00001.1.el8ea |
redhat/eap7-undertow-jastow | <0:2.0.14-1.Final_redhat_00001.1.el8ea | 0:2.0.14-1.Final_redhat_00001.1.el8ea |
redhat/eap7-wildfly | <0:7.4.10-6.GA_redhat_00002.1.el8ea | 0:7.4.10-6.GA_redhat_00002.1.el8ea |
redhat/eap7-wildfly-http-client | <0:1.1.16-1.Final_redhat_00002.1.el8ea | 0:1.1.16-1.Final_redhat_00002.1.el8ea |
redhat/eap7-activemq-artemis-native | <1:1.0.2-3.redhat_00004.1.el9ea | 1:1.0.2-3.redhat_00004.1.el9ea |
redhat/eap7-apache-mime4j | <0:0.8.9-1.redhat_00001.1.el9ea | 0:0.8.9-1.redhat_00001.1.el9ea |
redhat/eap7-artemis-native | <1:1.0.2-4.redhat_00004.1.el9ea | 1:1.0.2-4.redhat_00004.1.el9ea |
redhat/eap7-artemis-wildfly-integration | <0:1.0.7-1.redhat_00001.1.el9ea | 0:1.0.7-1.redhat_00001.1.el9ea |
redhat/eap7-infinispan | <0:11.0.17-1.Final_redhat_00001.1.el9ea | 0:11.0.17-1.Final_redhat_00001.1.el9ea |
redhat/eap7-ironjacamar | <0:1.5.11-1.Final_redhat_00001.1.el9ea | 0:1.5.11-1.Final_redhat_00001.1.el9ea |
redhat/eap7-jboss-ejb-client | <0:4.0.50-1.Final_redhat_00001.1.el9ea | 0:4.0.50-1.Final_redhat_00001.1.el9ea |
redhat/eap7-jboss-metadata | <0:13.4.0-1.Final_redhat_00001.1.el9ea | 0:13.4.0-1.Final_redhat_00001.1.el9ea |
redhat/eap7-jboss-server-migration | <0:1.10.0-26.Final_redhat_00025.1.el9ea | 0:1.10.0-26.Final_redhat_00025.1.el9ea |
redhat/eap7-jbossws-cxf | <0:5.4.8-1.Final_redhat_00001.1.el9ea | 0:5.4.8-1.Final_redhat_00001.1.el9ea |
redhat/eap7-jbossws-spi | <0:3.4.0-2.Final_redhat_00001.1.el9ea | 0:3.4.0-2.Final_redhat_00001.1.el9ea |
redhat/eap7-netty | <0:4.1.86-1.Final_redhat_00001.1.el9ea | 0:4.1.86-1.Final_redhat_00001.1.el9ea |
redhat/eap7-netty-transport-native-epoll | <0:4.1.86-1.Final_redhat_00001.1.el9ea | 0:4.1.86-1.Final_redhat_00001.1.el9ea |
redhat/eap7-picketlink-federation | <0:2.5.5-22.SP12_redhat_00012.1.el9ea | 0:2.5.5-22.SP12_redhat_00012.1.el9ea |
redhat/eap7-resteasy | <0:3.15.5-1.Final_redhat_00001.1.el9ea | 0:3.15.5-1.Final_redhat_00001.1.el9ea |
redhat/eap7-snakeyaml | <0:1.33.0-2.SP1_redhat_00001.1.el9ea | 0:1.33.0-2.SP1_redhat_00001.1.el9ea |
redhat/eap7-undertow | <0:2.2.23-1.SP2_redhat_00001.1.el9ea | 0:2.2.23-1.SP2_redhat_00001.1.el9ea |
redhat/eap7-undertow-jastow | <0:2.0.14-1.Final_redhat_00001.1.el9ea | 0:2.0.14-1.Final_redhat_00001.1.el9ea |
redhat/eap7-wildfly | <0:7.4.10-6.GA_redhat_00002.1.el9ea | 0:7.4.10-6.GA_redhat_00002.1.el9ea |
redhat/eap7-wildfly-http-client | <0:1.1.16-1.Final_redhat_00002.1.el9ea | 0:1.1.16-1.Final_redhat_00002.1.el9ea |
redhat/eap7-activemq-artemis-native | <1:1.0.2-3.redhat_00004.1.el7ea | 1:1.0.2-3.redhat_00004.1.el7ea |
redhat/eap7-apache-mime4j | <0:0.8.9-1.redhat_00001.1.el7ea | 0:0.8.9-1.redhat_00001.1.el7ea |
redhat/eap7-artemis-native | <1:1.0.2-4.redhat_00004.1.el7ea | 1:1.0.2-4.redhat_00004.1.el7ea |
redhat/eap7-artemis-wildfly-integration | <0:1.0.7-1.redhat_00001.1.el7ea | 0:1.0.7-1.redhat_00001.1.el7ea |
redhat/eap7-infinispan | <0:11.0.17-1.Final_redhat_00001.1.el7ea | 0:11.0.17-1.Final_redhat_00001.1.el7ea |
redhat/eap7-ironjacamar | <0:1.5.11-1.Final_redhat_00001.1.el7ea | 0:1.5.11-1.Final_redhat_00001.1.el7ea |
redhat/eap7-jboss-ejb-client | <0:4.0.50-1.Final_redhat_00001.1.el7ea | 0:4.0.50-1.Final_redhat_00001.1.el7ea |
redhat/eap7-jboss-metadata | <0:13.4.0-1.Final_redhat_00001.1.el7ea | 0:13.4.0-1.Final_redhat_00001.1.el7ea |
redhat/eap7-jboss-server-migration | <0:1.10.0-26.Final_redhat_00025.1.el7ea | 0:1.10.0-26.Final_redhat_00025.1.el7ea |
redhat/eap7-jbossws-cxf | <0:5.4.8-1.Final_redhat_00001.1.el7ea | 0:5.4.8-1.Final_redhat_00001.1.el7ea |
redhat/eap7-jbossws-spi | <0:3.4.0-2.Final_redhat_00001.1.el7ea | 0:3.4.0-2.Final_redhat_00001.1.el7ea |
redhat/eap7-netty | <0:4.1.86-1.Final_redhat_00001.1.el7ea | 0:4.1.86-1.Final_redhat_00001.1.el7ea |
redhat/eap7-netty-transport-native-epoll | <0:4.1.86-1.Final_redhat_00001.1.el7ea | 0:4.1.86-1.Final_redhat_00001.1.el7ea |
redhat/eap7-picketlink-federation | <0:2.5.5-22.SP12_redhat_00012.1.el7ea | 0:2.5.5-22.SP12_redhat_00012.1.el7ea |
redhat/eap7-resteasy | <0:3.15.5-1.Final_redhat_00001.1.el7ea | 0:3.15.5-1.Final_redhat_00001.1.el7ea |
redhat/eap7-snakeyaml | <0:1.33.0-2.SP1_redhat_00001.1.el7ea | 0:1.33.0-2.SP1_redhat_00001.1.el7ea |
redhat/eap7-undertow | <0:2.2.23-1.SP2_redhat_00001.1.el7ea | 0:2.2.23-1.SP2_redhat_00001.1.el7ea |
redhat/eap7-undertow-jastow | <0:2.0.14-1.Final_redhat_00001.1.el7ea | 0:2.0.14-1.Final_redhat_00001.1.el7ea |
redhat/eap7-wildfly | <0:7.4.10-6.GA_redhat_00002.1.el7ea | 0:7.4.10-6.GA_redhat_00002.1.el7ea |
redhat/eap7-wildfly-http-client | <0:1.1.16-1.Final_redhat_00002.1.el7ea | 0:1.1.16-1.Final_redhat_00002.1.el7ea |
redhat/rh-sso7-keycloak | <0:18.0.7-1.redhat_00001.1.el7 | 0:18.0.7-1.redhat_00001.1.el7 |
redhat/rh-sso7-keycloak | <0:18.0.7-1.redhat_00001.1.el8 | 0:18.0.7-1.redhat_00001.1.el8 |
redhat/rh-sso7-keycloak | <0:18.0.7-1.redhat_00001.1.el9 | 0:18.0.7-1.redhat_00001.1.el9 |
Apache James | <0.8.9 | |
maven/org.apache.james:apache-mime4j-storage | <0.8.9 | 0.8.9 |
redhat/mime4j | <0.8.9 | 0.8.9 |
IBM Cloud Pak for Business Automation | <=V22.0.2 - V22.0.2-IF004 | |
IBM Cloud Pak for Business Automation | <=V21.0.3 - V21.0.3-IF020 | |
IBM Cloud Pak for Business Automation | <=V22.0.1 - V22.0.1-IF006 and later fixes; V21.0.2 - V21.0.2-IF012 and later fixes; V21.0.1 - V21.0.1-IF007 and later fixes; V20.0.1 - V20.0.3 and later fixes; V19.0.1 - V19.0.3 and later fixes; V18.0.0 - V18.0.2 and later fixes | |
<0.8.9 |