CVE-2022-45935

EUVD-2023-0555
Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit. 

Vulnerable components includes the SMTP stack and IMAP APPEND command.

This issue affects Apache James server version 3.7.2 and prior versions.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA-ADPADP
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 31%
Affected Products (NVD)
VendorProductVersion
apachejames
𝑥
≤ 3.7.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://lists.apache.org/thread/j61fo8xc1rxtofrn8vc33whx35s9cj1d
https://lists.apache.org/thread/j61fo8xc1rxtofrn8vc33whx35s9cj1d