CVE-2022-45935

MEDIUM Year: 2022
CVSS v3 Score
5.5
Medium
Weakness Type
CWE-668
View all →

Vulnerability Description

Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit. Vulnerable components includes the SMTP stack and IMAP APPEND command. This issue affects Apache James server version 3.7.2 and prior versions.

Related Vulnerabilities

CVE-2005-2351

MEDIUM
CVSS:5.5(Medium)

Mutt before 1.5.20 patch 7 allows an attacker to cause a denial of service via a series of requests to mutt temporary files.

CWE-6682005

CVE-2008-2544

MEDIUM
CVSS:5.5(Medium)

Mounting /proc filesystem via chroot command silently mounts it in read-write mode. The user could bypass the chroot environment and gain write access to files, he would never have otherwise.

CWE-6682008

CVE-2013-0163

MEDIUM
CVSS:5.5(Medium)

OpenShift haproxy cartridge: predictable /tmp in set-proxy connection hook which could facilitate DoS

CWE-6682013

CVE-2013-4280

MEDIUM
CVSS:5.5(Medium)

Insecure temporary file vulnerability in RedHat vsdm 4.9.6.

CWE-6682013

CVE-2017-17087

MEDIUM
CVSS:5.5(Medium)

fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which allows local users...

CWE-6682017

CVE-2018-20947

MEDIUM
CVSS:5.5(Medium)

cPanel before 68.0.27 allows certain file-write operations via the telnetcrt script (SEC-356).

CWE-6682018