cvedb.io
CVE-2022-45935
MEDIUM · CVSS 5.5
EPSS exploitation probability: 0%
Published 2023-01-06T10:15:10.447 · Last modified 2026-06-17T05:11:03.097

Summary

Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit. Vulnerable components includes the SMTP stack and IMAP APPEND command. This issue affects Apache James server version 3.7.2 and prior versions.

Affected products

apache — james

Does this affect you?

Add your gear to cvedb and we'll alert you only when apache ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.