CVE-2022-45935

CVE-2022-45935: Apache James server: Temporary File Information Disclosure

Vendor Apache Software Foundation

Product Apache James server

Weakness CWE-668

Published January 6, 2023

Last update April 10, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit. Vulnerable components includes the SMTP stack and IMAP APPEND command. This issue affects Apache James server version 3.7.2 and prior versions.

Key dates

Disclosure timeline

January 6, 2023 CVE published

April 10, 2025 Record updated