PT-2022-15201 · Suse · Suse Manager Server+1

Paolo Perego · Published 2022-06-20 · Updated 2024-09-16 · CVE-2022-21952

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46
SUSE Manager Server 4.2 spacewalk-java versions prior to 4.2.37

Description

A Missing Authentication for Critical Function issue in spacewalk-java of SUSE Manager Server allows remote attackers to easily exhaust available disk resources, leading to a Denial of Service (DoS). This issue affects SUSE Manager Server 4.1 and 4.2.

Recommendations

For SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46, update to version 4.1.46 or later.
For SUSE Manager Server 4.2 spacewalk-java versions prior to 4.2.37, update to version 4.2.37 or later.

Exploit

Fix

DoS

Missing Authentication

Allocation of Resources Without Limits


Weakness Enumeration

Related Identifiers

CVE-2022-21952
SUSE-SU-2022:2143-1
SUSE-SU-2022:2144-1
SUSE-SU-2022:2145-1
SUSE-SU-2022:2146-1

Affected Products

Suse Manager Server
Suse