Rewterz Threat Advisory –CVE-2022-45787 – Apache James MIME4J Vulnerability
January 9, 2023Rewterz Threat Advisory – Multiple Zoom Rooms Vulnerabilities
January 9, 2023Rewterz Threat Advisory –CVE-2022-45787 – Apache James MIME4J Vulnerability
January 9, 2023Rewterz Threat Advisory – Multiple Zoom Rooms Vulnerabilities
January 9, 2023Severity
Medium
Analysis Summary
CVE-2022-45935
Apache James server could allow a local authenticated attacker to obtain sensitive information, caused by the use of temporary files with insecure permissions in the SMTP stack and IMAP APPEND command. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain private user data information, and use this information to launch further attacks against the affected system.
Impact
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2022-45935
Affected Vendors
Apache
Affected Products
- Apache James Server 3.7.2
Remediation
Upgrade to the latest version of Apache James server, available from the Apache Website.