
Rewterz Threat Advisory – CVE-2022-22931 – Apache James directory traversal Vulnerability

Severity

Medium

Analysis Summary

CVE-2022-22931

Apache James could allow a remote authenticated attacker to traverse directories on the system, caused by a failure to prepend delimiters during directory validation. An attacker could send a specially crafted URL request containing “dot dot” sequences (/../) to access other users' data stores.
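
The class of check described above, as an added Java illustration (not Apache James source code): a string-prefix comparison on canonical paths with no trailing delimiter accepts a sibling directory whose name merely begins with the user's directory name, while an element-wise path comparison rejects it. The class, method and directory names are hypothetical, and the sample layout is constructed in a temporary directory.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

// Added illustration of the validation flaw; not Apache James code.
// All names and the directory layout are hypothetical.
public class UserStoreContainment {

    // Flawed: string prefix test on canonical paths, no delimiter appended.
    // ".../stores/bob" is a string prefix of ".../stores/bobby/inbox/msg1",
    // so a request that resolves into the sibling store passes the check.
    static boolean flawedIsInside(Path userRoot, String requested) throws IOException {
        String root = userRoot.toFile().getCanonicalPath();
        String target = userRoot.resolve(requested).toFile().getCanonicalPath();
        return target.startsWith(root);
    }

    // Hardened: Path.startsWith compares whole name elements, which has the
    // same effect as appending the separator to the root before comparing.
    static boolean isInside(Path userRoot, String requested) throws IOException {
        Path root = userRoot.toFile().getCanonicalFile().toPath();
        Path target = userRoot.resolve(requested).toFile().getCanonicalFile().toPath();
        return target.startsWith(root);
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample layout: three per-user stores under one base.
        Path base = Files.createTempDirectory("stores");
        Path bob = Files.createDirectories(base.resolve("bob"));
        Files.createDirectories(base.resolve("bobby"));
        Files.createDirectories(base.resolve("alice"));

        // Constructed requests, all evaluated against bob's store root.
        String[] requests = { "inbox/msg1", "../bobby/inbox/msg1", "../alice/inbox/msg1" };
        for (String r : requests) {
            System.out.printf("%-22s flawed=%-5b hardened=%b%n",
                    r, flawedIsInside(bob, r), isInside(bob, r));
        }
    }
}
```

Only the request that resolves into `bobby` is accepted by the flawed check and rejected by the hardened one; the other two requests get the same verdict from both.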

Impact

  • Unauthorized Access

Indicators of Compromise

CVE

  • CVE-2022-22931

Affected Vendors

Apache

Affected Products

  • Apache James 3.6.1

Remediation

Upgrade to the latest version of Apache James, available from the Apache Web site.

https://james.apache.org/