vulnerability
Red Hat JBoss EAP: CVE-2022-45787: Cleartext Storage of Sensitive Information
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:L/Au:S/C:C/I:N/A:N) | Jan 6, 2023 | Sep 19, 2024 | Oct 28, 2025 |
Severity
5
CVSS
(AV:L/AC:L/Au:S/C:C/I:N/A:N)
Published
Jan 6, 2023
Added
Sep 19, 2024
Modified
Oct 28, 2025
Description
Unproper laxist permissions on the temporary files used by MIME4J TempFileStorageProvider may lead to information disclosure to other local users. This issue affects Apache James MIME4J version 0.8.8 and prior versions.
We recommend users to upgrade to MIME4j version 0.8.9 or later.. A flaw was found in Apache James's Mime4j TempFileStorageProvider class, where it may set improper permissions when utilizing temporary files. This flaw allows a locally authorized attacker to access information outside their intended permissions.
We recommend users to upgrade to MIME4j version 0.8.9 or later.. A flaw was found in Apache James's Mime4j TempFileStorageProvider class, where it may set improper permissions when utilizing temporary files. This flaw allows a locally authorized attacker to access information outside their intended permissions.
Solution
red-hat-jboss-eap-upgrade-latest
References
- CWE-312
- CVE-2022-45787
- https://attackerkb.com/topics/CVE-2022-45787
- URL-https://access.redhat.com/security/cve/CVE-2022-45787
- URL-https://bugzilla.redhat.com/show_bug.cgi?id=2158916
- URL-https://access.redhat.com/errata/RHSA-2023:1512
- URL-https://access.redhat.com/errata/RHSA-2023:1513
- URL-https://access.redhat.com/errata/RHSA-2023:1514
- URL-https://access.redhat.com/errata/RHSA-2023:1516
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.