CVE-2022-45935: Apache James server: Temporary File Information Disclosure
First published: Fri Jan 06 2023(Updated: )
Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit. Vulnerable components includes the SMTP stack and IMAP APPEND command. This issue affects Apache James server version 3.7.2 and prior versions.
Credit: security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache James | <=3.7.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2022-45935?
CVE-2022-45935 is a vulnerability in the Apache James server that allows an attacker with local access to access private user data in transit.
What is the severity of CVE-2022-45935?
CVE-2022-45935 has a severity value of 5.5, which is considered medium.
Which components are vulnerable in CVE-2022-45935?
The vulnerable components include the SMTP stack and IMAP APPEND command in the Apache James server.
Which versions of Apache James server are affected by CVE-2022-45935?
CVE-2022-45935 affects Apache James server version 3.7.2 and prior versions.
How can I fix CVE-2022-45935?
To fix CVE-2022-45935, update your Apache James server to version 3.7.3 or later, which contains the security patch.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/references
- agent/title
- agent/severity
- agent/description
- agent/event
- agent/tags
- agent/first-publish-date
- vendor/apache
- canonical/apache james
- version/apache james/3.7.2