{
	"document":{
		"aggregate_severity":{
			"namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
			"text":"Medium"
		},
		"category":"csaf_vex",
		"csaf_version":"2.0",
		"distribution":{
			"tlp":{
				"label":"WHITE",
				"url":"https:/www.first.org/tlp/"
			}
		},
		"lang":"en",
		"notes":[
			{
				"text":"apache-mime4j security update",
				"category":"general",
				"title":"Synopsis"
			},
			{
				"text":"An update for apache-mime4j is now available for openEuler-20.03-LTS-SP4",
				"category":"general",
				"title":"Summary"
			},
			{
				"text":"Java stream based MIME message parser.\n\nSecurity Fix(es):\n\nUnproper laxist permissions on the temporary files used by MIME4J TempFileStorageProvider may lead to information disclosure to other local users. This issue affects Apache James MIME4J version 0.8.8 and prior versions.\n\nWe recommend users to upgrade to MIME4j version 0.8.9 or later.\n(CVE-2022-45787)",
				"category":"general",
				"title":"Description"
			},
			{
				"text":"An update for apache-mime4j is now available for openEuler-20.03-LTS-SP4.\n\nopenEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.",
				"category":"general",
				"title":"Topic"
			},
			{
				"text":"Medium",
				"category":"general",
				"title":"Severity"
			},
			{
				"text":"apache-mime4j",
				"category":"general",
				"title":"Affected Component"
			}
		],
		"publisher":{
			"issuing_authority":"openEuler security committee",
			"name":"openEuler",
			"namespace":"https://www.openeuler.org",
			"contact_details":"openeuler-security@openeuler.org",
			"category":"vendor"
		},
		"references":[
			{
				"summary":"openEuler-SA-2025-2296",
				"category":"self",
				"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2296"
			},
			{
				"summary":"CVE-2022-45787",
				"category":"self",
				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-45787&packageName=apache-mime4j"
			},
			{
				"summary":"nvd cve",
				"category":"external",
				"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-45787"
			},
			{
				"summary":"openEuler-SA-2025-2296 vex file",
				"category":"self",
				"url":"https://repo.openeuler.org/security/data/csaf/advisories/2025/csaf-openeuler-sa-2025-2296.json"
			}
		],
		"title":"An update for apache-mime4j is now available for openEuler-20.03-LTS-SP4",
		"tracking":{
			"initial_release_date":"2025-09-19T21:15:08+08:00",
			"revision_history":[
				{
					"date":"2025-09-19T21:15:08+08:00",
					"summary":"Initial",
					"number":"1.0.0"
				}
			],
			"generator":{
				"date":"2025-09-19T21:15:08+08:00",
				"engine":{
					"name":"openEuler CSAF Tool V1.0"
				}
			},
			"current_release_date":"2025-09-19T21:15:08+08:00",
			"id":"openEuler-SA-2025-2296",
			"version":"1.0.0",
			"status":"final"
		}
	},
	"product_tree":{
		"branches":[
			{
				"name":"openEuler",
				"category":"vendor",
				"branches":[
					{
						"name":"openEuler",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
									},
									"product_id":"openEuler-20.03-LTS-SP4",
									"name":"openEuler-20.03-LTS-SP4"
								},
								"name":"openEuler-20.03-LTS-SP4",
								"category":"product_version"
							}
						],
						"category":"product_name"
					},
					{
						"name":"noarch",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
									},
									"product_id":"apache-mime4j-0.8.1-3.oe2003sp4.noarch.rpm",
									"name":"apache-mime4j-0.8.1-3.oe2003sp4.noarch.rpm"
								},
								"name":"apache-mime4j-0.8.1-3.oe2003sp4.noarch.rpm",
								"category":"product_version"
							},
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
									},
									"product_id":"apache-mime4j-javadoc-0.8.1-3.oe2003sp4.noarch.rpm",
									"name":"apache-mime4j-javadoc-0.8.1-3.oe2003sp4.noarch.rpm"
								},
								"name":"apache-mime4j-javadoc-0.8.1-3.oe2003sp4.noarch.rpm",
								"category":"product_version"
							}
						],
						"category":"architecture"
					},
					{
						"name":"src",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
									},
									"product_id":"apache-mime4j-0.8.1-3.oe2003sp4.src.rpm",
									"name":"apache-mime4j-0.8.1-3.oe2003sp4.src.rpm"
								},
								"name":"apache-mime4j-0.8.1-3.oe2003sp4.src.rpm",
								"category":"product_version"
							}
						],
						"category":"architecture"
					}
				]
			}
		],
		"relationships":[
			{
				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
				"product_reference":"apache-mime4j-0.8.1-3.oe2003sp4.noarch.rpm",
				"full_product_name":{
					"product_id":"openEuler-20.03-LTS-SP4:apache-mime4j-0.8.1-3.oe2003sp4.noarch",
					"name":"apache-mime4j-0.8.1-3.oe2003sp4.noarch as a component of openEuler-20.03-LTS-SP4"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
				"product_reference":"apache-mime4j-javadoc-0.8.1-3.oe2003sp4.noarch.rpm",
				"full_product_name":{
					"product_id":"openEuler-20.03-LTS-SP4:apache-mime4j-javadoc-0.8.1-3.oe2003sp4.noarch",
					"name":"apache-mime4j-javadoc-0.8.1-3.oe2003sp4.noarch as a component of openEuler-20.03-LTS-SP4"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
				"product_reference":"apache-mime4j-0.8.1-3.oe2003sp4.src.rpm",
				"full_product_name":{
					"product_id":"openEuler-20.03-LTS-SP4:apache-mime4j-0.8.1-3.oe2003sp4.src",
					"name":"apache-mime4j-0.8.1-3.oe2003sp4.src as a component of openEuler-20.03-LTS-SP4"
				},
				"category":"default_component_of"
			}
		]
	},
	"vulnerabilities":[
		{
			"cve":"CVE-2022-45787",
			"notes":[
				{
					"text":"Unproper laxist permissions on the temporary files used by MIME4J TempFileStorageProvider may lead to information disclosure to other local users. This issue affects Apache James MIME4J version 0.8.8 and prior versions.\n\nWe recommend users to upgrade to MIME4j version 0.8.9 or later.\n",
					"category":"description",
					"title":"Vulnerability Description"
				}
			],
			"product_status":{
				"fixed":[
					"openEuler-20.03-LTS-SP4:apache-mime4j-0.8.1-3.oe2003sp4.noarch",
					"openEuler-20.03-LTS-SP4:apache-mime4j-javadoc-0.8.1-3.oe2003sp4.noarch",
					"openEuler-20.03-LTS-SP4:apache-mime4j-0.8.1-3.oe2003sp4.src"
				]
			},
			"remediations":[
				{
					"product_ids":[
						"openEuler-20.03-LTS-SP4:apache-mime4j-0.8.1-3.oe2003sp4.noarch",
						"openEuler-20.03-LTS-SP4:apache-mime4j-javadoc-0.8.1-3.oe2003sp4.noarch",
						"openEuler-20.03-LTS-SP4:apache-mime4j-0.8.1-3.oe2003sp4.src"
					],
					"details":"apache-mime4j security update",
					"category":"vendor_fix",
					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2296"
				}
			],
			"scores":[
				{
					"cvss_v3":{
						"baseSeverity":"MEDIUM",
						"baseScore":5.5,
						"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
						"version":"3.1"
					},
					"products":[
						"openEuler-20.03-LTS-SP4:apache-mime4j-0.8.1-3.oe2003sp4.noarch",
						"openEuler-20.03-LTS-SP4:apache-mime4j-javadoc-0.8.1-3.oe2003sp4.noarch",
						"openEuler-20.03-LTS-SP4:apache-mime4j-0.8.1-3.oe2003sp4.src"
					]
				}
			],
			"threats":[
				{
					"details":"Medium",
					"category":"impact"
				}
			],
			"title":"CVE-2022-45787"
		}
	]
}