Vulnerability in Apache James

CVE-2022-45935

Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit. Vulnerable components include the SMTP stack and the IMAP APPEND command. This issue…

EPSS: 0.004 (27.7th percentile).

CVSS v3 metric

CVSS v3 base score 5.5 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.

Frequently asked questions

What is CVE-2022-45935?
CVE-2022-45935 is a medium-severity vulnerability in Apache James, classified under Exposure of Resource to Wrong Sphere. CVSS score: 5.5/10. Published 2023-01-06.

How severe is CVE-2022-45935?
Medium severity. CVSS v3 base score is 5.5 out of 10.

Is CVE-2022-45935 known to be exploited?
3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.