{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"Medium" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"apache-mime4j security update", "category":"general", "title":"Synopsis" }, { "text":"An update for apache-mime4j is now available for openEuler-22.03-LTS-SP3", "category":"general", "title":"Summary" }, { "text":"Java stream based MIME message parser.\n\nSecurity Fix(es):\n\nA vulnerability was found in Apache James MIME4J up to 0.8.8. It has been rated as problematic.Using CWE to declare the problem leads to CWE-200. The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Impacted is confidentiality.There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.(CVE-2022-45787)", "category":"general", "title":"Description" }, { "text":"An update for apache-mime4j is now available for openEuler-22.03-LTS-SP3.\n\nopenEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"Medium", "category":"general", "title":"Severity" }, { "text":"apache-mime4j", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2025-2344", "category":"self", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2344" }, { "summary":"CVE-2022-45787", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-45787&packageName=apache-mime4j" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2022-45787" }, { "summary":"openEuler-SA-2025-2344 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2025/csaf-openeuler-sa-2025-2344.json" } ], "title":"An update for apache-mime4j is now available for openEuler-22.03-LTS-SP3", "tracking":{ "initial_release_date":"2025-09-26T21:13:18+08:00", "revision_history":[ { "date":"2025-09-26T21:13:18+08:00", "summary":"Initial", "number":"1.0.0" } ], "generator":{ "date":"2025-09-26T21:13:18+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2025-09-26T21:13:18+08:00", "id":"openEuler-SA-2025-2344", "version":"1.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"openEuler-22.03-LTS-SP3", "name":"openEuler-22.03-LTS-SP3" }, "name":"openEuler-22.03-LTS-SP3", "category":"product_version" } ], "category":"product_name" }, { "name":"noarch", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"apache-mime4j-0.8.3-3.oe2203sp3.noarch.rpm", "name":"apache-mime4j-0.8.3-3.oe2203sp3.noarch.rpm" }, "name":"apache-mime4j-0.8.3-3.oe2203sp3.noarch.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"apache-mime4j-javadoc-0.8.3-3.oe2203sp3.noarch.rpm", "name":"apache-mime4j-javadoc-0.8.3-3.oe2203sp3.noarch.rpm" }, "name":"apache-mime4j-javadoc-0.8.3-3.oe2203sp3.noarch.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"apache-mime4j-0.8.3-3.oe2203sp3.src.rpm", "name":"apache-mime4j-0.8.3-3.oe2203sp3.src.rpm" }, "name":"apache-mime4j-0.8.3-3.oe2203sp3.src.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"apache-mime4j-0.8.3-3.oe2203sp3.noarch.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:apache-mime4j-0.8.3-3.oe2203sp3.noarch", "name":"apache-mime4j-0.8.3-3.oe2203sp3.noarch as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"apache-mime4j-javadoc-0.8.3-3.oe2203sp3.noarch.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:apache-mime4j-javadoc-0.8.3-3.oe2203sp3.noarch", "name":"apache-mime4j-javadoc-0.8.3-3.oe2203sp3.noarch as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"apache-mime4j-0.8.3-3.oe2203sp3.src.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:apache-mime4j-0.8.3-3.oe2203sp3.src", "name":"apache-mime4j-0.8.3-3.oe2203sp3.src as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2022-45787", "notes":[ { "text":"A vulnerability was found in Apache James MIME4J up to 0.8.8. It has been rated as problematic.Using CWE to declare the problem leads to CWE-200. The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Impacted is confidentiality.There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP3:apache-mime4j-0.8.3-3.oe2203sp3.noarch", "openEuler-22.03-LTS-SP3:apache-mime4j-javadoc-0.8.3-3.oe2203sp3.noarch", "openEuler-22.03-LTS-SP3:apache-mime4j-0.8.3-3.oe2203sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP3:apache-mime4j-0.8.3-3.oe2203sp3.noarch", "openEuler-22.03-LTS-SP3:apache-mime4j-javadoc-0.8.3-3.oe2203sp3.noarch", "openEuler-22.03-LTS-SP3:apache-mime4j-0.8.3-3.oe2203sp3.src" ], "details":"apache-mime4j security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2344" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP3:apache-mime4j-0.8.3-3.oe2203sp3.noarch", "openEuler-22.03-LTS-SP3:apache-mime4j-javadoc-0.8.3-3.oe2203sp3.noarch", "openEuler-22.03-LTS-SP3:apache-mime4j-0.8.3-3.oe2203sp3.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2022-45787" } ] }