263 matches found
RHEL 9 : Red Hat JBoss Enterprise Application Platform 7.4.10 on RHEL 9 (RHSA-2023:1514)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1514 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...
RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.4.10 on RHEL 7 (RHSA-2023:1512)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1512 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...
apache-james-mime4j: Temporary File Information Disclosure in MIME4J TempFileStorageProvider
A flaw was found in Apache James's Mime4j TempFileStorageProvider class, where it may set improper permissions when utilizing temporary files. This flaw allows a locally authorized attacker to access information outside their intended permissions...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.10 on RHEL 7 security update
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
apache-james-mime4j: Temporary File Information Disclosure in MIME4J TempFileStorageProvider
A flaw was found in Apache James's Mime4j TempFileStorageProvider class, where it may set improper permissions when utilizing temporary files. This flaw allows a locally authorized attacker to access information outside their intended permissions...
apache-james-mime4j: Temporary File Information Disclosure in MIME4J TempFileStorageProvider
A flaw was found in Apache James's Mime4j TempFileStorageProvider class, where it may set improper permissions when utilizing temporary files. This flaw allows a locally authorized attacker to access information outside their intended permissions...
CVE-2022-45787
A flaw was found in Apache James's Mime4j TempFileStorageProvider class, where it may set improper permissions when utilizing temporary files. This flaw allows a locally authorized attacker to access information outside their intended permissions...
Security Bulletin: vulnerability in Apache James MIME4J (CVE-2022-45787) may affect TXSeries for Multiplatforms
Summary TXSeries for Multiplatforms has addressed a vulnerability in Apache James MIME4J CVE-2022-45787. Vulnerability Details CVEID:CVE-2022-45787 DESCRIPTION: Apache James MIME4J could allow a local authenticated attacker to obtain sensitive information, caused by improper laxist permissions on...
Security Bulletin: vulnerability in Apache James MIME4J (CVE-2022-45787) may affect CICS TX Advanced
Summary CICS TX Advanced has addressed a vulnerability in Apache James MIME4J CVE-2022-45787. Vulnerability Details CVEID:CVE-2022-45787 DESCRIPTION: Apache James MIME4J could allow a local authenticated attacker to obtain sensitive information, caused by improper laxist permissions on the...
Security Bulletin: vulnerability in Apache James MIME4J (CVE-2022-45787) may affect CICS TX Standard
Summary CICS TX Standard has addressed a vulnerability in Apache James MIME4J CVE-2022-45787. Vulnerability Details CVEID:CVE-2022-45787 DESCRIPTION: Apache James MIME4J could allow a local authenticated attacker to obtain sensitive information, caused by improper laxist permissions on the...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to information disclosure due to Apache James MIME4J (CVE-2022-45787)
Summary IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to information disclosure due to Apache James MIME4J CVE-2022-45787 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products a...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is vulnerable to information disclosure due to Apache James MIME4J (CVE-2022-45787)
Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is vulnerable to information disclosure due to Apache James MIME4J CVE-2022-45787 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products...
Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to information disclosure due to Apache James MIME4J (CVE-2022-45787)
Summary There is a vulnerability in the Apache James MIME4J library used by IBM WebSphere Application Server Liberty when the feature restfulWS-3.0 is enabled. This has been addressed. Vulnerability Details CVEID:CVE-2022-45787 DESCRIPTION: Apache James MIME4J could allow a local authenticated...
Apache James licensing issue vulnerability
Apache James is an open source Smtp and Pop3 mail transfer agent and Nntp news server written entirely in Java from the Apache Foundation in the U.S. An authorization issue vulnerability exists in Apache James, which stems from a vulnerability in the MIME4J TempFileStorageProvider using improperl...
Apache James Information Disclosure Vulnerability
Apache James is an open source Smtp and Pop3 mail transfer agent and Nntp news server written entirely in Java by the Apache Foundation. An attacker with local access could use this vulnerability to access private user data in transit...
CVE-2022-45935
Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit. Vulnerable components includes the SMTP stack and IMAP APPEND command. This issue affects Apache James server version 3.7.2 and prior versions...
be.jidoka:jdk-keycloak-admin (>=2.0.0 <=2.5.0), cn.sparrowmini:sparrow-keycloak-adapter (>=0.0.1 <=0.0.2) +534 more potentially affected by CVE-2022-45787 via org.apache.james:apache-mime4j-storage (>=0.7 <=0.8.8)
org.apache.james:apache-mime4j-storage MAVEN version =0.7, =2.0.0, =0.0.1, =1.0, =0.5.8, =8.0.0, =1.7.0, =1.7.0, =1.7.0, =1.7.0, =1.7.0, =1.7.0, =1.7.0, =1.7.0, =1.7.0, =1.7.0, =2.0.0 and more Source cves: CVE-2022-45787 Source advisory: OSV:GHSA-Q84X-3476-8FF2...
Apache James server allows an attacker with local access to access private user data in transit
Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit. Vulnerable components includes the SMTP stack and IMAP APPEND command. This issue affects Apache James server version 3.7.2 and prior versions...
Apache James MIME4J vulnerable to information disclosure to local users
Unproper laxist permissions on the temporary files used by MIME4J TempFileStorageProvider may lead to information disclosure to other local users. This issue affects Apache James MIME4J version 0.8.8 and prior versions. We recommend users to upgrade to MIME4j version 0.8.9 or later...
GHSA-Q84X-3476-8FF2 Apache James MIME4J vulnerable to information disclosure to local users
Unproper laxist permissions on the temporary files used by MIME4J TempFileStorageProvider may lead to information disclosure to other local users. This issue affects Apache James MIME4J version 0.8.8 and prior versions. We recommend users to upgrade to MIME4j version 0.8.9 or later...