Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveApacheCVE-2022-22931
HistoryFeb 07, 2022 - 7:15 p.m.

CVE-2022-22931

2022-02-0719:15:08
CWE-22
apache
web.nvd.nist.gov
71
cve-2022-22931
security fix
directory validation
maildir
sieve
data access

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

6.2

Confidence

Low

EPSS

0.003

Percentile

65.8%

JSON

Fix of CVE-2021-40525 do not prepend delimiters upon valid directory validations. Affected implementations include: - maildir mailbox store - Sieve file repository This enables a user to access other users data stores (limited to user names being prefixed by the value of the username being used).

Affected configurations

Nvd
Vulners
Node
apachejamesMatch3.6.1
VendorProductVersionCPE
apachejames3.6.1cpe:2.3:a:apache:james:3.6.1:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Apache James",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "status": "affected",
        "version": "Apache James 3.6.1"
      }
    ]
  }
]

Related

prion 2
cvelist 2
github 2
osv 5
nvd 2
cve 1
veracode 1
cnvd 1
prion
prion
Design/Logic Flaw
2022-02-07 19:15:00
Path traversal
2022-01-04 09:15:00
cvelist
cvelist
CVE-2022-22931 Path traversal in Apache James 3.6.1
2022-02-07 18:50:10
CVE-2021-40525 Sieve file storage vulnerable to path traversal attacks
2022-01-04 08:55:25
github
github
Path Traversal in Apache James Server
2022-02-08 00:00:34
Path traversal in Apache James
2022-01-21 23:36:47
osv
osv
Path Traversal in Apache James Server
2022-02-08 00:00:34
CVE-2022-22931
2022-02-07 19:15:08
CVE-2021-40525
2022-01-04 09:15:07
nvd
nvd
CVE-2022-22931
2022-02-07 19:15:08
CVE-2021-40525
2022-01-04 09:15:07
cve
cve
CVE-2021-40525
2022-01-04 09:15:07
veracode
veracode
Path Traversal
2022-01-05 13:23:53
cnvd
cnvd
Apache James path traversal vulnerability
2022-01-06 00:00:00

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

6.2

Confidence

Low

EPSS

0.003

Percentile

65.8%

JSON
Related for CVE-2022-22931
prion2cvelist2github2osv5nvd2cve1veracode1cnvd1