vulnerability
Red Hat JBoss EAP: CVE-2022-45787: Cleartext Storage of Sensitive Information
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:L/Au:S/C:C/I:N/A:N) | Jan 6, 2023 | Sep 19, 2024 | Mar 25, 2026 |
Severity
5
CVSS
(AV:L/AC:L/Au:S/C:C/I:N/A:N)
Published
Jan 6, 2023
Added
Sep 19, 2024
Modified
Mar 25, 2026
Description
Unproper laxist permissions on the temporary files used by MIME4J TempFileStorageProvider may lead to information disclosure to other local users. This issue affects Apache James MIME4J version 0.8.8 and prior versions.
We recommend users to upgrade to MIME4j version 0.8.9 or later.. A flaw was found in Apache James's Mime4j TempFileStorageProvider class, where it may set improper permissions when utilizing temporary files. This flaw allows a locally authorized attacker to access information outside their intended permissions.
We recommend users to upgrade to MIME4j version 0.8.9 or later.. A flaw was found in Apache James's Mime4j TempFileStorageProvider class, where it may set improper permissions when utilizing temporary files. This flaw allows a locally authorized attacker to access information outside their intended permissions.
Solution
red-hat-jboss-eap-upgrade-latest
References
- CWE-312
- CVE-2022-45787
- https://attackerkb.com/topics/CVE-2022-45787
- https://access.redhat.com/security/cve/CVE-2022-45787
- https://bugzilla.redhat.com/show_bug.cgi?id=2158916
- https://access.redhat.com/errata/RHSA-2023:1512
- https://access.redhat.com/errata/RHSA-2023:1513
- https://access.redhat.com/errata/RHSA-2023:1514
- https://access.redhat.com/errata/RHSA-2023:1516
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2023-0529
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.