CVE-2022-45935

MEDIUM

Apache James < 3.7.2 - Exposure to Wrong Actor

Title source: rule

Description

Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit. Vulnerable components include the SMTP stack and the IMAP APPEND command. This issue affects Apache James server version 3.7.2 and prior versions.

Scores

CVSS v3 5.5
EPSS 0.0013
EPSS Percentile 31.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE CWE-668
Status published

Affected Products (2)

apache/james < 3.7.2
org.apache.james/james-server Maven

Timeline

Published Jan 06, 2023
Tracked Since Feb 18, 2026