CVE-2022-45935

Cleartext Transmission of Sensitive Information in maven/org.jamesframework/james

Identifiers

CVE-2022-45935

Package Slug

maven/org.jamesframework/james

Vulnerability

Cleartext Transmission of Sensitive Information

Description

Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit. Vulnerable components includes the SMTP stack and IMAP APPEND command. This issue affects Apache James server version 3.7.2 and prior versions.

Affected Versions

All versions up to 3.7.2

Solution

Unfortunately, there is no solution available yet.

Last Modified

2023-01-13

source