ID

VAR-202301-0613


CVE

CVE-2022-45935


TITLE

Apache James Vulnerability related to transmission of important information in plaintext in server

Trust: 0.8

sources: JVNDB: JVNDB-2023-001783

DESCRIPTION

Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit. Vulnerable components include the SMTP stack and the IMAP APPEND command. This issue affects Apache James server version 3.7.2 and prior versions.

Trust: 1.71

sources: NVD: CVE-2022-45935 // JVNDB: JVNDB-2023-001783 // VULMON: CVE-2022-45935

AFFECTED PRODUCTS

vendor: apache model: james scope: lte version: 3.7.2

Trust: 1.0

vendor: apache model: james scope: lte version: 3.7.2 and earlier

Trust: 0.8

vendor: apache model: james scope: eq version: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-001783 // NVD: CVE-2022-45935

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-45935
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-45935
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202301-445
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2022-45935
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2022-45935
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-001783 // CNNVD: CNNVD-202301-445 // NVD: CVE-2022-45935

PROBLEMTYPE DATA

problemtype: CWE-668

Trust: 1.0

problemtype: Sending important information in clear text (CWE-319) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2023-001783 // NVD: CVE-2022-45935

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202301-445

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202301-445

PATCH

title: Temporary File Information Disclosure url: https://lists.apache.org/thread/j61fo8xc1rxtofrn8vc33whx35s9cj1d

Trust: 0.8

title: Apache James Repair measures for information disclosure vulnerabilities url: http://123.124.177.30/web/xxk/bdxqById.tag?id=220229

Trust: 0.6

title: Red Hat: url: https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2022-45935

Trust: 0.1

title: - url: https://github.com/Live-Hack-CVE/CVE-2022-45935

Trust: 0.1

sources: VULMON: CVE-2022-45935 // JVNDB: JVNDB-2023-001783 // CNNVD: CNNVD-202301-445

EXTERNAL IDS

db: NVD id: CVE-2022-45935

Trust: 3.3

db: JVNDB id: JVNDB-2023-001783

Trust: 0.8

db: CNNVD id: CNNVD-202301-445

Trust: 0.6

db: VULMON id: CVE-2022-45935

Trust: 0.1

sources: VULMON: CVE-2022-45935 // JVNDB: JVNDB-2023-001783 // CNNVD: CNNVD-202301-445 // NVD: CVE-2022-45935

REFERENCES

url: https://lists.apache.org/thread/j61fo8xc1rxtofrn8vc33whx35s9cj1d

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2022-45935

Trust: 0.8

url: https://access.redhat.com/security/cve/cve-2022-45935

Trust: 0.7

url: https://cxsecurity.com/cveshow/cve-2022-45935/

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/200.html

Trust: 0.1

url: https://github.com/live-hack-cve/cve-2022-45935

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2022-45935 // JVNDB: JVNDB-2023-001783 // CNNVD: CNNVD-202301-445 // NVD: CVE-2022-45935

SOURCES

db: VULMON id: CVE-2022-45935
db: JVNDB id: JVNDB-2023-001783
db: CNNVD id: CNNVD-202301-445
db: NVD id: CVE-2022-45935

LAST UPDATE DATE

2024-08-14T15:37:15.207000+00:00


SOURCES UPDATE DATE

db: VULMON id: CVE-2022-45935 date: 2023-01-06T00:00:00
db: JVNDB id: JVNDB-2023-001783 date: 2023-05-11T02:36:00
db: CNNVD id: CNNVD-202301-445 date: 2023-07-13T00:00:00
db: NVD id: CVE-2022-45935 date: 2023-07-12T11:15:09.623

SOURCES RELEASE DATE

db: VULMON id: CVE-2022-45935 date: 2023-01-06T00:00:00
db: JVNDB id: JVNDB-2023-001783 date: 2023-05-11T00:00:00
db: CNNVD id: CNNVD-202301-445 date: 2023-01-06T00:00:00
db: NVD id: CVE-2022-45935 date: 2023-01-06T10:15:10.447