vulnerability
Red Hat JBoss EAP: CVE-2022-45787: Cleartext Storage of Sensitive Information
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:L/Au:S/C:C/I:N/A:N) | Jan 6, 2023 | Sep 19, 2024 | Mar 25, 2026 |
Severity
5
CVSS
(AV:L/AC:L/Au:S/C:C/I:N/A:N)
Published
Jan 6, 2023
Added
Sep 19, 2024
Modified
Mar 25, 2026
Description
Unproper laxist permissions on the temporary files used by MIME4J TempFileStorageProvider may lead to information disclosure to other local users. This issue affects Apache James MIME4J version 0.8.8 and prior versions.
We recommend users to upgrade to MIME4j version 0.8.9 or later.. A flaw was found in Apache James's Mime4j TempFileStorageProvider class, where it may set improper permissions when utilizing temporary files. This flaw allows a locally authorized attacker to access information outside their intended permissions.
We recommend users to upgrade to MIME4j version 0.8.9 or later.. A flaw was found in Apache James's Mime4j TempFileStorageProvider class, where it may set improper permissions when utilizing temporary files. This flaw allows a locally authorized attacker to access information outside their intended permissions.
Solution
red-hat-jboss-eap-upgrade-latest
References
- CWE-312
- CVE-2022-45787
- https://attackerkb.com/topics/CVE-2022-45787
- https://access.redhat.com/security/cve/CVE-2022-45787
- https://bugzilla.redhat.com/show_bug.cgi?id=2158916
- https://access.redhat.com/errata/RHSA-2023:1512
- https://access.redhat.com/errata/RHSA-2023:1513
- https://access.redhat.com/errata/RHSA-2023:1514
- https://access.redhat.com/errata/RHSA-2023:1516
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2023-0529
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.