Vulnerabilities > Apache > James > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-01-06 | CVE-2022-45787 | Cleartext Storage of Sensitive Information vulnerability in Apache James. Improper lax permissions on the temporary files used by MIME4J TempFileStorageProvider may lead to information disclosure to other local users. | 5.5 |
2023-01-06 | CVE-2022-45935 | Exposure of Resource to Wrong Sphere vulnerability in Apache James. Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit. | 5.5 |
2022-02-07 | CVE-2022-22931 | Path Traversal vulnerability in Apache James 3.6.1. The fix for CVE-2021-40525 does not prepend delimiters upon valid directory validations. | 4.3 |
2022-01-04 | CVE-2021-38542 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Apache James 2.2.0/3.3.0/3.4.0. Apache James prior to release 3.6.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. | 5.9 |
2022-01-04 | CVE-2021-40111 | Infinite Loop vulnerability in Apache James 2.2.0/3.3.0/3.4.0. In Apache James, while fuzzing the IMAP parsing stack with Jazzer, we discovered that crafted APPEND and STATUS IMAP commands could be used to trigger infinite loops, resulting in expensive CPU computations and OutOfMemory exceptions. | 6.5 |