CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-22931

Fix of CVE-2021-40525 do not prepend delimiters upon valid directory validations. Affected implementations include: - maildir mailbox store - Sieve file repository This enables a user to access other users data stores (limited to user names being prefixed by the value of the username being used).

Exploit prediction scoring system (EPSS) score

EPSS Score 0.029

EPSS Ranking 85.6%

CVSS Severity

CVSS v3 Score 4.3

CVSS v2 Score 4.0

References

https://lists.apache.org/thread/bp8yql4wws56jlh0vxoowj7foothsmpr
https://www.openwall.com/lists/oss-security/2022/02/07/1
https://lists.apache.org/thread/bp8yql4wws56jlh0vxoowj7foothsmpr
https://www.openwall.com/lists/oss-security/2022/02/07/1

Products affected by CVE-2022-22931

Apache » James » Version: 3.6.1

cpe:2.3:a:apache:james:3.6.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-22931

Products

Pricing

Contact Us