CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-45787 – Apache James MIME4J: Temporary File Information Disclosure in MIME4J TempFileStorageProvider
https://notcve.org/view.php?id=CVE-2022-45787
Unproper laxist permissions on the temporary files used by MIME4J TempFileStorageProvider may lead to information disclosure to other local users. This issue affects Apache James MIME4J version 0.8.8 and prior versions. We recommend users to upgrade to MIME4j version 0.8.9 or later. A flaw was found in Apache James's Mime4j TempFileStorageProvider class, where it may set improper permissions when utilizing temporary files. This flaw allows a locally authorized attacker to access information outside their intended permissions. • https://lists.apache.org/thread/26s8p9stl1z261c4qw15bsq03tt7t0rj https://access.redhat.com/security/cve/CVE-2022-45787 https://bugzilla.redhat.com/show_bug.cgi?id=2158916 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-28220 – STARTTLS command injection in Apache JAMES
https://notcve.org/view.php?id=CVE-2022-28220
Apache James prior to release 3.6.3 and 3.7.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. Fix of CVE-2021-38542, which solved similar problem fron Apache James 3.6.1, is subject to a parser differential and do not take into account concurrent requests. Apache James versiones anteriores a 3.6.3 y 3.7.1, es vulnerable a un ataque de almacenamiento en búfer que depende del uso del comando STARTTLS. La corrección de CVE-2021-38542, que resolvió un problema similar de Apache James versión 3.6.1, está sujeta a un diferencial de analizador y no toma en cuenta las peticiones simultáneas • http://www.openwall.com/lists/oss-security/2022/09/20/1 https://james.apache.org/james/update/2022/08/26/james-3.7.1.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-22931 – Path traversal in Apache James 3.6.1
https://notcve.org/view.php?id=CVE-2022-22931
Fix of CVE-2021-40525 do not prepend delimiters upon valid directory validations. Affected implementations include: - maildir mailbox store - Sieve file repository This enables a user to access other users data stores (limited to user names being prefixed by the value of the username being used). La corrección de CVE-2021-40525 no antepone delimitadores a las comprobaciones de directorios. Las implementaciones afectadas incluyen: - Almacén de buzones maildir - Repositorio de archivos Sieve Esto permite a un usuario acceder a almacenes de datos de otros usuarios (limitado a que los nombres de usuario lleven como prefijo el valor del nombre de usuario usado) • https://lists.apache.org/thread/bp8yql4wws56jlh0vxoowj7foothsmpr https://www.openwall.com/lists/oss-security/2022/02/07/1 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-40525 – Sieve file storage vulnerable to path traversal attacks
https://notcve.org/view.php?id=CVE-2021-40525
Apache James ManagedSieve implementation alongside with the file storage for sieve scripts is vulnerable to path traversal, allowing reading and writing any file. This vulnerability had been patched in Apache James 3.6.1 and higher. We recommend the upgrade. Distributed and Cassandra based products are also not impacted. La implementación de Apache James ManagedSieve junto con el almacenamiento de archivos para los scripts de sieve es vulnerable a un salto de ruta, permitiendo leer y escribir cualquier archivo. • http://www.openwall.com/lists/oss-security/2022/01/04/4 http://www.openwall.com/lists/oss-security/2022/02/07/1 https://www.openwall.com/lists/oss-security/2022/01/04/4 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-40111 – Apache James IMAP parsing Denial Of Service
https://notcve.org/view.php?id=CVE-2021-40111
In Apache James, while fuzzing with Jazzer the IMAP parsing stack, we discover that crafted APPEND and STATUS IMAP command could be used to trigger infinite loops resulting in expensive CPU computations and OutOfMemory exceptions. This can be used for a Denial Of Service attack. The IMAP user needs to be authenticated to exploit this vulnerability. This affected Apache James prior to version 3.6.1. This vulnerability had been patched in Apache James 3.6.1 and higher. • http://www.openwall.com/lists/oss-security/2022/01/04/3 https://www.openwall.com/lists/oss-security/2022/01/04/3 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •