CVE-2022-45787 - Vulnerability Details

Unproper laxist permissions on the temporary files used by MIME4J TempFileStorageProvider may lead to information disclosure to other local users. This issue affects Apache James MIME4J version 0.8.8 and prior versions. We recommend users to upgrade to MIME4j version 0.8.9 or later.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Apache	James
Redhat	Jboss Enterprise Application Platform Quarkus Red Hat Single Sign On Rhosemc Service Registry

Configuration 1 [-]

cpe:2.3:a:apache:james:*:*:*:*:mime4j:*:*:*

Package	CPE	Advisory	Released Date
EAP 7.4.10 release
apache-james-mime4j	cpe:/a:redhat:jboss_enterprise_application_platform:7.4	RHSA-2023:1516	2023-03-29T00:00:00Z
Red Hat build of Quarkus 2.13.8.Final
org.apache.james/apache-mime4j-storage:0.8.9.redhat-00001	cpe:/a:redhat:quarkus:2.13::el8	RHSA-2023:3809	2023-06-29T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8
eap7-activemq-artemis-native-1:1.0.2-3.redhat_00004.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2023:1513	2023-03-29T00:00:00Z
eap7-apache-mime4j-0:0.8.9-1.redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2023:1513	2023-03-29T00:00:00Z
eap7-artemis-native-1:1.0.2-4.redhat_00004.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2023:1513	2023-03-29T00:00:00Z
eap7-artemis-wildfly-integration-0:1.0.7-1.redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2023:1513	2023-03-29T00:00:00Z
eap7-infinispan-0:11.0.17-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2023:1513	2023-03-29T00:00:00Z
eap7-ironjacamar-0:1.5.11-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2023:1513	2023-03-29T00:00:00Z
eap7-jboss-ejb-client-0:4.0.50-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2023:1513	2023-03-29T00:00:00Z
eap7-jboss-el-api_3.0_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2023:1513	2023-03-29T00:00:00Z
eap7-jboss-metadata-0:13.4.0-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2023:1513	2023-03-29T00:00:00Z
eap7-jboss-server-migration-0:1.10.0-26.Final_redhat_00025.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2023:1513	2023-03-29T00:00:00Z
eap7-jbossws-cxf-0:5.4.8-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2023:1513	2023-03-29T00:00:00Z
eap7-jbossws-spi-0:3.4.0-2.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2023:1513	2023-03-29T00:00:00Z
eap7-netty-0:4.1.86-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2023:1513	2023-03-29T00:00:00Z
eap7-netty-transport-native-epoll-0:4.1.86-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2023:1513	2023-03-29T00:00:00Z
eap7-picketlink-federation-0:2.5.5-22.SP12_redhat_00012.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2023:1513	2023-03-29T00:00:00Z
eap7-resteasy-0:3.15.5-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2023:1513	2023-03-29T00:00:00Z
eap7-snakeyaml-0:1.33.0-2.SP1_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2023:1513	2023-03-29T00:00:00Z
eap7-undertow-0:2.2.23-1.SP2_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2023:1513	2023-03-29T00:00:00Z
eap7-undertow-jastow-0:2.0.14-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2023:1513	2023-03-29T00:00:00Z
eap7-wildfly-0:7.4.10-6.GA_redhat_00002.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2023:1513	2023-03-29T00:00:00Z
eap7-wildfly-http-client-0:1.1.16-1.Final_redhat_00002.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2023:1513	2023-03-29T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9
eap7-activemq-artemis-native-1:1.0.2-3.redhat_00004.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2023:1514	2023-03-29T00:00:00Z
eap7-apache-mime4j-0:0.8.9-1.redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2023:1514	2023-03-29T00:00:00Z
eap7-artemis-native-1:1.0.2-4.redhat_00004.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2023:1514	2023-03-29T00:00:00Z
eap7-artemis-wildfly-integration-0:1.0.7-1.redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2023:1514	2023-03-29T00:00:00Z
eap7-infinispan-0:11.0.17-1.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2023:1514	2023-03-29T00:00:00Z
eap7-ironjacamar-0:1.5.11-1.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2023:1514	2023-03-29T00:00:00Z
eap7-jboss-ejb-client-0:4.0.50-1.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2023:1514	2023-03-29T00:00:00Z
eap7-jboss-el-api_3.0_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2023:1514	2023-03-29T00:00:00Z
eap7-jboss-metadata-0:13.4.0-1.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2023:1514	2023-03-29T00:00:00Z
eap7-jboss-server-migration-0:1.10.0-26.Final_redhat_00025.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2023:1514	2023-03-29T00:00:00Z
eap7-jbossws-cxf-0:5.4.8-1.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2023:1514	2023-03-29T00:00:00Z
eap7-jbossws-spi-0:3.4.0-2.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2023:1514	2023-03-29T00:00:00Z
eap7-netty-0:4.1.86-1.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2023:1514	2023-03-29T00:00:00Z
eap7-netty-transport-native-epoll-0:4.1.86-1.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2023:1514	2023-03-29T00:00:00Z
eap7-picketlink-federation-0:2.5.5-22.SP12_redhat_00012.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2023:1514	2023-03-29T00:00:00Z
eap7-resteasy-0:3.15.5-1.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2023:1514	2023-03-29T00:00:00Z
eap7-snakeyaml-0:1.33.0-2.SP1_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2023:1514	2023-03-29T00:00:00Z
eap7-undertow-0:2.2.23-1.SP2_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2023:1514	2023-03-29T00:00:00Z
eap7-undertow-jastow-0:2.0.14-1.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2023:1514	2023-03-29T00:00:00Z
eap7-wildfly-0:7.4.10-6.GA_redhat_00002.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2023:1514	2023-03-29T00:00:00Z
eap7-wildfly-http-client-0:1.1.16-1.Final_redhat_00002.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2023:1514	2023-03-29T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7
eap7-activemq-artemis-native-1:1.0.2-3.redhat_00004.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2023:1512	2023-03-29T00:00:00Z
eap7-apache-mime4j-0:0.8.9-1.redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2023:1512	2023-03-29T00:00:00Z
eap7-artemis-native-1:1.0.2-4.redhat_00004.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2023:1512	2023-03-29T00:00:00Z
eap7-artemis-wildfly-integration-0:1.0.7-1.redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2023:1512	2023-03-29T00:00:00Z
eap7-infinispan-0:11.0.17-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2023:1512	2023-03-29T00:00:00Z
eap7-ironjacamar-0:1.5.11-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2023:1512	2023-03-29T00:00:00Z
eap7-jboss-ejb-client-0:4.0.50-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2023:1512	2023-03-29T00:00:00Z
eap7-jboss-el-api_3.0_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2023:1512	2023-03-29T00:00:00Z
eap7-jboss-metadata-0:13.4.0-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2023:1512	2023-03-29T00:00:00Z
eap7-jboss-server-migration-0:1.10.0-26.Final_redhat_00025.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2023:1512	2023-03-29T00:00:00Z
eap7-jbossws-cxf-0:5.4.8-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2023:1512	2023-03-29T00:00:00Z
eap7-jbossws-spi-0:3.4.0-2.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2023:1512	2023-03-29T00:00:00Z
eap7-netty-0:4.1.86-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2023:1512	2023-03-29T00:00:00Z
eap7-netty-transport-native-epoll-0:4.1.86-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2023:1512	2023-03-29T00:00:00Z
eap7-picketlink-federation-0:2.5.5-22.SP12_redhat_00012.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2023:1512	2023-03-29T00:00:00Z
eap7-resteasy-0:3.15.5-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2023:1512	2023-03-29T00:00:00Z
eap7-snakeyaml-0:1.33.0-2.SP1_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2023:1512	2023-03-29T00:00:00Z
eap7-undertow-0:2.2.23-1.SP2_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2023:1512	2023-03-29T00:00:00Z
eap7-undertow-jastow-0:2.0.14-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2023:1512	2023-03-29T00:00:00Z
eap7-wildfly-0:7.4.10-6.GA_redhat_00002.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2023:1512	2023-03-29T00:00:00Z
eap7-wildfly-http-client-0:1.1.16-1.Final_redhat_00002.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2023:1512	2023-03-29T00:00:00Z
Red Hat Single Sign-On 7.0
apache-james-mime4j	cpe:/a:redhat:red_hat_single_sign_on:7.6.3	RHSA-2023:2713	2023-05-10T00:00:00Z
Red Hat Single Sign-On 7.6 for RHEL 7
rh-sso7-keycloak-0:18.0.7-1.redhat_00001.1.el7sso	cpe:/a:redhat:red_hat_single_sign_on:7.6::el7	RHSA-2023:2705	2023-05-10T00:00:00Z
Red Hat Single Sign-On 7.6 for RHEL 8
rh-sso7-keycloak-0:18.0.7-1.redhat_00001.1.el8sso	cpe:/a:redhat:red_hat_single_sign_on:7.6::el8	RHSA-2023:2706	2023-05-10T00:00:00Z
Red Hat Single Sign-On 7.6 for RHEL 9
rh-sso7-keycloak-0:18.0.7-1.redhat_00001.1.el9sso	cpe:/a:redhat:red_hat_single_sign_on:7.6::el9	RHSA-2023:2707	2023-05-10T00:00:00Z
RHEL-8 based Middleware Containers
rh-sso-7/sso76-openshift-rhel8:7.6-22	cpe:/a:redhat:rhosemc:1.0::el8	RHSA-2023:2710	2023-05-10T00:00:00Z
RHINT Service Registry 2.4.3 GA
apache-james-mime4j	cpe:/a:redhat:service_registry:2.4	RHSA-2023:3815	2023-06-27T00:00:00Z

References

Link	Providers
https://lists.apache.org/thread/26s8p9stl1z261c4qw15bsq03tt7t0rj
https://nvd.nist.gov/vuln/detail/CVE-2022-45787
https://www.cve.org/CVERecord?id=CVE-2022-45787

History

Wed, 09 Apr 2025 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: apache

Published: 2023-01-06T09:31:40.118Z

Updated: 2025-04-09T19:32:09.206Z

Reserved: 2022-11-22T08:49:26.227Z

Link: CVE-2022-45787

Vulnrichment

Updated: 2024-08-03T14:17:04.186Z

NVD

Status : Modified

Published: 2023-01-06T10:15:10.383

Modified: 2025-04-09T20:15:22.730

Link: CVE-2022-45787

Redhat

Severity : Moderate

Publid Date: 2023-01-06T00:00:00Z

Links: CVE-2022-45787 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-45787", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2022-11-22T08:49:26.227Z", "datePublished": "2023-01-06T09:31:40.118Z", "dateUpdated": "2025-04-09T19:32:09.206Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Apache James MIME4J", "vendor": "Apache Software Foundation", "versions": [{"lessThanOrEqual": "0.8.8", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Jonathan Leitschuh"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Unproper laxist permissions on the temporary files used by MIME4J TempFileStorageProvider may lead to information disclosure to other local users. This issue affects Apache James MIME4J version 0.8.8 and prior versions. We recommend users to upgrade to MIME4j version 0.8.9 or later. "}], "value": "Unproper laxist permissions on the temporary files used by MIME4J TempFileStorageProvider may lead to information disclosure to other local users. This issue affects Apache James MIME4J version 0.8.8 and prior versions.\n\nWe recommend users to upgrade to MIME4j version 0.8.9 or later.\n"}], "metrics": [{"other": {"content": {"text": "low"}, "type": "Textual description of severity"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-312", "description": "CWE-312 Cleartext Storage of Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2023-01-16T10:27:24.515Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://lists.apache.org/thread/26s8p9stl1z261c4qw15bsq03tt7t0rj"}], "source": {"discovery": "EXTERNAL"}, "title": "Apache James MIME4J: Temporary File Information Disclosure in MIME4J TempFileStorageProvider", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T14:17:04.186Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.apache.org/thread/26s8p9stl1z261c4qw15bsq03tt7t0rj"}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-312", "lang": "en", "description": "CWE-312 Cleartext Storage of Sensitive Information"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-04-09T19:31:06.959423Z", "id": "CVE-2022-45787", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-09T19:32:09.206Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.apache.org/thread/26s8p9stl1z261c4qw15bsq03tt7t0rj", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T14:17:04.186Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-45787", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-09T19:31:06.959423Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-312", "description": "CWE-312 Cleartext Storage of Sensitive Information"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-09T19:31:36.707Z"}}], "cna": {"title": "Apache James MIME4J: Temporary File Information Disclosure in MIME4J TempFileStorageProvider", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Jonathan Leitschuh"}], "metrics": [{"other": {"type": "Textual description of severity", "content": {"text": "low"}}}], "affected": [{"vendor": "Apache Software Foundation", "product": "Apache James MIME4J", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "0.8.8"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://lists.apache.org/thread/26s8p9stl1z261c4qw15bsq03tt7t0rj", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Unproper laxist permissions on the temporary files used by MIME4J TempFileStorageProvider may lead to information disclosure to other local users. This issue affects Apache James MIME4J version 0.8.8 and prior versions.\n\nWe recommend users to upgrade to MIME4j version 0.8.9 or later.\n", "supportingMedia": [{"type": "text/html", "value": "Unproper laxist permissions on the temporary files used by MIME4J TempFileStorageProvider may lead to information disclosure to other local users. This issue affects Apache James MIME4J version 0.8.8 and prior versions. We recommend users to upgrade to MIME4j version 0.8.9 or later. ", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-312", "description": "CWE-312 Cleartext Storage of Sensitive Information"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2023-01-16T10:27:24.515Z"}}}, "cveMetadata": {"cveId": "CVE-2022-45787", "state": "PUBLISHED", "dateUpdated": "2025-04-09T19:32:09.206Z", "dateReserved": "2022-11-22T08:49:26.227Z", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "datePublished": "2023-01-06T09:31:40.118Z", "assignerShortName": "apache"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:james:*:*:*:*:mime4j:*:*:*", "matchCriteriaId": "36FAB00E-6832-4BBB-BE8D-22E47940C57F", "versionEndExcluding": "0.8.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unproper laxist permissions on the temporary files used by MIME4J TempFileStorageProvider may lead to information disclosure to other local users. This issue affects Apache James MIME4J version 0.8.8 and prior versions.\n\nWe recommend users to upgrade to MIME4j version 0.8.9 or later.\n"}, {"lang": "es", "value": "Los permisos laxos inadecuados en los archivos temporales utilizados por MIME4J TempFileStorageProvider pueden provocar la divulgaci\u00f3n de informaci\u00f3n a otros usuarios locales. Este problema afecta a Apache James MIME4J versi\u00f3n 0.8.8 y versiones anteriores. Recomendamos a los usuarios que actualicen a MIME4j versi\u00f3n 0.8.9 o posterior."}], "id": "CVE-2022-45787", "lastModified": "2025-04-09T20:15:22.730", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2023-01-06T10:15:10.383", "references": [{"source": "security@apache.org", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.apache.org/thread/26s8p9stl1z261c4qw15bsq03tt7t0rj"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.apache.org/thread/26s8p9stl1z261c4qw15bsq03tt7t0rj"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-312"}], "source": "security@apache.org", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-312"}], "source": "nvd@nist.gov", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-312"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2023:1516", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4", "impact": "low", "package": "apache-james-mime4j", "product_name": "EAP 7.4.10 release", "release_date": "2023-03-29T00:00:00Z"}, {"advisory": "RHSA-2023:3809", "cpe": "cpe:/a:redhat:quarkus:2.13::el8", "package": "org.apache.james/apache-mime4j-storage:0.8.9.redhat-00001", "product_name": "Red Hat build of Quarkus 2.13.8.Final", "release_date": "2023-06-29T00:00:00Z"}, {"advisory": "RHSA-2023:1513", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "impact": "low", "package": "eap7-activemq-artemis-native-1:1.0.2-3.redhat_00004.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date": "2023-03-29T00:00:00Z"}, {"advisory": "RHSA-2023:1513", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "impact": "low", "package": "eap7-apache-mime4j-0:0.8.9-1.redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date": "2023-03-29T00:00:00Z"}, {"advisory": "RHSA-2023:1513", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "impact": "low", "package": "eap7-artemis-native-1:1.0.2-4.redhat_00004.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date": "2023-03-29T00:00:00Z"}, {"advisory": "RHSA-2023:1513", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "impact": "low", "package": "eap7-artemis-wildfly-integration-0:1.0.7-1.redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date": "2023-03-29T00:00:00Z"}, {"advisory": "RHSA-2023:1513", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "impact": "low", "package": "eap7-infinispan-0:11.0.17-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date": "2023-03-29T00:00:00Z"}, {"advisory": "RHSA-2023:1513", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "impact": "low", "package": "eap7-ironjacamar-0:1.5.11-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date": "2023-03-29T00:00:00Z"}, {"advisory": "RHSA-2023:1513", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "impact": "low", "package": "eap7-jboss-ejb-client-0:4.0.50-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date": "2023-03-29T00:00:00Z"}, {"advisory": "RHSA-2023:1513", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "impact": "low", "package": "eap7-jboss-el-api_3.0_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date": "2023-03-29T00:00:00Z"}, {"advisory": "RHSA-2023:1513", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "impact": "low", "package": "eap7-jboss-metadata-0:13.4.0-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date": "2023-03-29T00:00:00Z"}, {"advisory": "RHSA-2023:1513", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "impact": "low", "package": "eap7-jboss-server-migration-0:1.10.0-26.Final_redhat_00025.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date": "2023-03-29T00:00:00Z"}, {"advisory": "RHSA-2023:1513", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "impact": "low", "package": "eap7-jbossws-cxf-0:5.4.8-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date": "2023-03-29T00:00:00Z"}, {"advisory": "RHSA-2023:1513", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "impact": "low", "package": "eap7-jbossws-spi-0:3.4.0-2.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date": "2023-03-29T00:00:00Z"}, {"advisory": "RHSA-2023:1513", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "impact": "low", "package": "eap7-netty-0:4.1.86-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date": "2023-03-29T00:00:00Z"}, {"advisory": "RHSA-2023:1513", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "impact": "low", "package": "eap7-netty-transport-native-epoll-0:4.1.86-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date": "2023-03-29T00:00:00Z"}, {"advisory": "RHSA-2023:1513", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "impact": "low", "package": "eap7-picketlink-federation-0:2.5.5-22.SP12_redhat_00012.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date": "2023-03-29T00:00:00Z"}, {"advisory": "RHSA-2023:1513", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "impact": "low", "package": "eap7-resteasy-0:3.15.5-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date": "2023-03-29T00:00:00Z"}, {"advisory": "RHSA-2023:1513", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "impact": "low", "package": "eap7-snakeyaml-0:1.33.0-2.SP1_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date": "2023-03-29T00:00:00Z"}, {"advisory": "RHSA-2023:1513", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "impact": "low", "package": "eap7-undertow-0:2.2.23-1.SP2_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date": "2023-03-29T00:00:00Z"}, {"advisory": "RHSA-2023:1513", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "impact": "low", "package": "eap7-undertow-jastow-0:2.0.14-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date": "2023-03-29T00:00:00Z"}, {"advisory": "RHSA-2023:1513", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "impact": "low", "package": "eap7-wildfly-0:7.4.10-6.GA_redhat_00002.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date": "2023-03-29T00:00:00Z"}, {"advisory": "RHSA-2023:1513", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "impact": "low", "package": "eap7-wildfly-http-client-0:1.1.16-1.Final_redhat_00002.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date": "2023-03-29T00:00:00Z"}, {"advisory": "RHSA-2023:1514", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "impact": "low", "package": "eap7-activemq-artemis-native-1:1.0.2-3.redhat_00004.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date": "2023-03-29T00:00:00Z"}, {"advisory": "RHSA-2023:1514", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "impact": "low", "package": "eap7-apache-mime4j-0:0.8.9-1.redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date": "2023-03-29T00:00:00Z"}, {"advisory": "RHSA-2023:1514", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "impact": "low", "package": "eap7-artemis-native-1:1.0.2-4.redhat_00004.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date": "2023-03-29T00:00:00Z"}, {"advisory": "RHSA-2023:1514", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "impact": "low", "package": "eap7-artemis-wildfly-integration-0:1.0.7-1.redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date": "2023-03-29T00:00:00Z"}, {"advisory": "RHSA-2023:1514", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "impact": "low", "package": "eap7-infinispan-0:11.0.17-1.Final_redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date": "2023-03-29T00:00:00Z"}, {"advisory": "RHSA-2023:1514", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "impact": "low", "package": "eap7-ironjacamar-0:1.5.11-1.Final_redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date": "2023-03-29T00:00:00Z"}, {"advisory": "RHSA-2023:1514", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "impact": "low", "package": "eap7-jboss-ejb-client-0:4.0.50-1.Final_redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date": "2023-03-29T00:00:00Z"}, {"advisory": "RHSA-2023:1514", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "impact": "low", "package": "eap7-jboss-el-api_3.0_spec-0:2.0.1-1.Final_redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date": "2023-03-29T00:00:00Z"}, {"advisory": "RHSA-2023:1514", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "impact": "low", "package": "eap7-jboss-metadata-0:13.4.0-1.Final_redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date": "2023-03-29T00:00:00Z"}, {"advisory": "RHSA-2023:1514", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "impact": "low", "package": "eap7-jboss-server-migration-0:1.10.0-26.Final_redhat_00025.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date": "2023-03-29T00:00:00Z"}, {"advisory": "RHSA-2023:1514", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "impact": "low", "package": "eap7-jbossws-cxf-0:5.4.8-1.Final_redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date": "2023-03-29T00:00:00Z"}, {"advisory": "RHSA-2023:1514", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "impact": "low", "package": "eap7-jbossws-spi-0:3.4.0-2.Final_redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date": "2023-03-29T00:00:00Z"}, {"advisory": "RHSA-2023:1514", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "impact": "low", "package": "eap7-netty-0:4.1.86-1.Final_redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date": "2023-03-29T00:00:00Z"}, {"advisory": "RHSA-2023:1514", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "impact": "low", "package": "eap7-netty-transport-native-epoll-0:4.1.86-1.Final_redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date": "2023-03-29T00:00:00Z"}, {"advisory": "RHSA-2023:1514", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "impact": "low", "package": "eap7-picketlink-federation-0:2.5.5-22.SP12_redhat_00012.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date": "2023-03-29T00:00:00Z"}, {"advisory": "RHSA-2023:1514", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "impact": "low", "package": "eap7-resteasy-0:3.15.5-1.Final_redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date": "2023-03-29T00:00:00Z"}, {"advisory": "RHSA-2023:1514", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "impact": "low", "package": "eap7-snakeyaml-0:1.33.0-2.SP1_redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date": "2023-03-29T00:00:00Z"}, {"advisory": "RHSA-2023:1514", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "impact": "low", "package": "eap7-undertow-0:2.2.23-1.SP2_redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date": "2023-03-29T00:00:00Z"}, {"advisory": "RHSA-2023:1514", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "impact": "low", "package": "eap7-undertow-jastow-0:2.0.14-1.Final_redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date": "2023-03-29T00:00:00Z"}, {"advisory": "RHSA-2023:1514", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "impact": "low", "package": "eap7-wildfly-0:7.4.10-6.GA_redhat_00002.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date": "2023-03-29T00:00:00Z"}, {"advisory": "RHSA-2023:1514", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "impact": "low", "package": "eap7-wildfly-http-client-0:1.1.16-1.Final_redhat_00002.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date": "2023-03-29T00:00:00Z"}, {"advisory": "RHSA-2023:1512", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "impact": "low", "package": "eap7-activemq-artemis-native-1:1.0.2-3.redhat_00004.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date": "2023-03-29T00:00:00Z"}, {"advisory": "RHSA-2023:1512", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "impact": "low", "package": "eap7-apache-mime4j-0:0.8.9-1.redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date": "2023-03-29T00:00:00Z"}, {"advisory": "RHSA-2023:1512", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "impact": "low", "package": "eap7-artemis-native-1:1.0.2-4.redhat_00004.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date": "2023-03-29T00:00:00Z"}, {"advisory": "RHSA-2023:1512", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "impact": "low", "package": "eap7-artemis-wildfly-integration-0:1.0.7-1.redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date": "2023-03-29T00:00:00Z"}, {"advisory": "RHSA-2023:1512", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "impact": "low", "package": "eap7-infinispan-0:11.0.17-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date": "2023-03-29T00:00:00Z"}, {"advisory": "RHSA-2023:1512", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "impact": "low", "package": "eap7-ironjacamar-0:1.5.11-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date": "2023-03-29T00:00:00Z"}, {"advisory": "RHSA-2023:1512", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "impact": "low", "package": "eap7-jboss-ejb-client-0:4.0.50-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date": "2023-03-29T00:00:00Z"}, {"advisory": "RHSA-2023:1512", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "impact": "low", "package": "eap7-jboss-el-api_3.0_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date": "2023-03-29T00:00:00Z"}, {"advisory": "RHSA-2023:1512", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "impact": "low", "package": "eap7-jboss-metadata-0:13.4.0-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date": "2023-03-29T00:00:00Z"}, {"advisory": "RHSA-2023:1512", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "impact": "low", "package": "eap7-jboss-server-migration-0:1.10.0-26.Final_redhat_00025.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date": "2023-03-29T00:00:00Z"}, {"advisory": "RHSA-2023:1512", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "impact": "low", "package": "eap7-jbossws-cxf-0:5.4.8-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date": "2023-03-29T00:00:00Z"}, {"advisory": "RHSA-2023:1512", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "impact": "low", "package": "eap7-jbossws-spi-0:3.4.0-2.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date": "2023-03-29T00:00:00Z"}, {"advisory": "RHSA-2023:1512", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "impact": "low", "package": "eap7-netty-0:4.1.86-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date": "2023-03-29T00:00:00Z"}, {"advisory": "RHSA-2023:1512", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "impact": "low", "package": "eap7-netty-transport-native-epoll-0:4.1.86-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date": "2023-03-29T00:00:00Z"}, {"advisory": "RHSA-2023:1512", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "impact": "low", "package": "eap7-picketlink-federation-0:2.5.5-22.SP12_redhat_00012.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date": "2023-03-29T00:00:00Z"}, {"advisory": "RHSA-2023:1512", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "impact": "low", "package": "eap7-resteasy-0:3.15.5-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date": "2023-03-29T00:00:00Z"}, {"advisory": "RHSA-2023:1512", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "impact": "low", "package": "eap7-snakeyaml-0:1.33.0-2.SP1_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date": "2023-03-29T00:00:00Z"}, {"advisory": "RHSA-2023:1512", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "impact": "low", "package": "eap7-undertow-0:2.2.23-1.SP2_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date": "2023-03-29T00:00:00Z"}, {"advisory": "RHSA-2023:1512", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "impact": "low", "package": "eap7-undertow-jastow-0:2.0.14-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date": "2023-03-29T00:00:00Z"}, {"advisory": "RHSA-2023:1512", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "impact": "low", "package": "eap7-wildfly-0:7.4.10-6.GA_redhat_00002.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date": "2023-03-29T00:00:00Z"}, {"advisory": "RHSA-2023:1512", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "impact": "low", "package": "eap7-wildfly-http-client-0:1.1.16-1.Final_redhat_00002.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date": "2023-03-29T00:00:00Z"}, {"advisory": "RHSA-2023:2713", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6.3", "package": "apache-james-mime4j", "product_name": "Red Hat Single Sign-On 7.0", "release_date": "2023-05-10T00:00:00Z"}, {"advisory": "RHSA-2023:2705", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "package": "rh-sso7-keycloak-0:18.0.7-1.redhat_00001.1.el7sso", "product_name": "Red Hat Single Sign-On 7.6 for RHEL 7", "release_date": "2023-05-10T00:00:00Z"}, {"advisory": "RHSA-2023:2706", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "package": "rh-sso7-keycloak-0:18.0.7-1.redhat_00001.1.el8sso", "product_name": "Red Hat Single Sign-On 7.6 for RHEL 8", "release_date": "2023-05-10T00:00:00Z"}, {"advisory": "RHSA-2023:2707", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "package": "rh-sso7-keycloak-0:18.0.7-1.redhat_00001.1.el9sso", "product_name": "Red Hat Single Sign-On 7.6 for RHEL 9", "release_date": "2023-05-10T00:00:00Z"}, {"advisory": "RHSA-2023:2710", "cpe": "cpe:/a:redhat:rhosemc:1.0::el8", "package": "rh-sso-7/sso76-openshift-rhel8:7.6-22", "product_name": "RHEL-8 based Middleware Containers", "release_date": "2023-05-10T00:00:00Z"}, {"advisory": "RHSA-2023:3815", "cpe": "cpe:/a:redhat:service_registry:2.4", "package": "apache-james-mime4j", "product_name": "RHINT Service Registry 2.4.3 GA", "release_date": "2023-06-27T00:00:00Z"}], "bugzilla": {"description": "apache-james-mime4j: Temporary File Information Disclosure in MIME4J TempFileStorageProvider", "id": "2158916", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158916"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "status": "verified"}, "cwe": "CWE-200", "details": ["Unproper laxist permissions on the temporary files used by MIME4J TempFileStorageProvider may lead to information disclosure to other local users. This issue affects Apache James MIME4J version 0.8.8 and prior versions.\nWe recommend users to upgrade to MIME4j version 0.8.9 or later.", "A flaw was found in Apache James's Mime4j TempFileStorageProvider class, where it may set improper permissions when utilizing temporary files. This flaw allows a locally authorized attacker to access information outside their intended permissions."], "name": "CVE-2022-45787", "package_state": [{"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Not affected", "package_name": "openshift-logging/elasticsearch6-rhel8", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:migration_toolkit_applications:6", "fix_state": "Not affected", "package_name": "org.keycloak-keycloak-parent", "product_name": "Migration Toolkit for Applications 6"}, {"cpe": "cpe:/a:redhat:migration_toolkit_runtimes:1", "fix_state": "Not affected", "package_name": "org.keycloak-keycloak-parent", "product_name": "Migration Toolkit for Runtimes"}, {"cpe": "cpe:/a:redhat:camel_spring_boot:3", "fix_state": "Fix deferred", "impact": "low", "package_name": "apache-james-mime4j", "product_name": "Red Hat build of Apache Camel for Spring Boot 3"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:8", "fix_state": "Not affected", "package_name": "apache-james-mime4j", "product_name": "Red Hat Data Grid 8"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:7", "fix_state": "Out of support scope", "package_name": "apache-james-mime4j", "product_name": "Red Hat Decision Manager 7"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Out of support scope", "package_name": "apache-james-mime4j", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:integration:1", "fix_state": "Fix deferred", "impact": "low", "package_name": "apache-james-mime4j", "product_name": "Red Hat Integration Camel K 1"}, {"cpe": "cpe:/a:redhat:camel_quarkus:2", "fix_state": "Will not fix", "package_name": "apache-james-mime4j", "product_name": "Red Hat Integration Camel Quarkus 1"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:7", "fix_state": "Out of support scope", "package_name": "apache-james-mime4j", "product_name": "Red Hat JBoss Data Grid 7"}, {"cpe": "cpe:/a:redhat:jboss_data_virtualization:6", "fix_state": "Out of support scope", "package_name": "apache-james-mime4j", "product_name": "Red Hat JBoss Data Virtualization 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Out of support scope", "package_name": "apache-james-mime4j", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Affected", "impact": "low", "package_name": "apache-james-mime4j", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}, {"cpe": "cpe:/a:redhat:jboss_fuse:6", "fix_state": "Out of support scope", "package_name": "apache-james-mime4j", "product_name": "Red Hat JBoss Fuse 6"}, {"cpe": "cpe:/a:redhat:jboss_fuse_service_works:6", "fix_state": "Out of support scope", "package_name": "apache-james-mime4j", "product_name": "Red Hat JBoss Fuse Service Works 6"}, {"cpe": "cpe:/a:redhat:openshift_application_runtimes:1.0", "fix_state": "Not affected", "package_name": "apache-james-mime4j", "product_name": "Red Hat OpenShift Application Runtimes"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "fix_state": "Out of support scope", "package_name": "apache-james-mime4j", "product_name": "Red Hat Process Automation 7"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Out of support scope", "package_name": "apache-james-mime4j", "product_name": "Red Hat Satellite 6"}], "public_date": "2023-01-06T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-45787\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-45787"], "threat_severity": "Moderate"}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object