Vulnerabilities > Apache > James > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-01-06 CVE-2022-45787 Cleartext Storage of Sensitive Information vulnerability in Apache James
Improper, lax permissions on the temporary files used by MIME4J TempFileStorageProvider may lead to information disclosure to other local users.
local
low complexity
apache CWE-312
5.5
2023-01-06 CVE-2022-45935 Exposure of Resource to Wrong Sphere vulnerability in Apache James
Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit.
local
low complexity
apache CWE-668
5.5
2022-02-07 CVE-2022-22931 Path Traversal vulnerability in Apache James 3.6.1
The fix for CVE-2021-40525 does not prepend delimiters upon valid directory validations.
network
low complexity
apache CWE-22
4.3
2022-01-04 CVE-2021-38542 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Apache James 2.2.0/3.3.0/3.4.0
Apache James prior to release 3.6.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command.
network
high complexity
apache CWE-327
5.9
2022-01-04 CVE-2021-40111 Infinite Loop vulnerability in Apache James 2.2.0/3.3.0/3.4.0
In Apache James, while fuzzing the IMAP parsing stack with Jazzer, we discovered that crafted APPEND and STATUS IMAP commands could be used to trigger infinite loops resulting in expensive CPU computations and OutOfMemory exceptions.
network
low complexity
apache CWE-835
6.5