PT-2022-27024 · Suse+1 · Suse Manager Server+5

Paolo Perego · Published 2022-11-04 · Updated 2022-11-16 · CVE-2022-43753

CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

SUSE Linux Enterprise Module for SUSE Manager Server 4.2 versions prior to 4.2.28
SUSE Linux Enterprise Module for SUSE Manager Server 4.3 spacewalk-java versions prior to 4.3.39
SUSE Manager Server 4.2 release-notes-susemanager versions prior to 4.2.10

Description

A Path Traversal vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server allows remote attackers to read files available to the user running the process, typically tomcat.

Recommendations

For SUSE Linux Enterprise Module for SUSE Manager Server 4.2, update to version 4.2.28 or later.
For SUSE Linux Enterprise Module for SUSE Manager Server 4.3, update spacewalk-java to version 4.3.39 or later.
For SUSE Manager Server 4.2, update release-notes-susemanager to version 4.2.10 or later.

Exploit

Fix

Weakness Enumeration

Path traversal

Related Identifiers

CVE-2022-43753
SUSE-SU-2022:3878-1
SUSE-SU-2022:3879-1
SUSE-SU-2022:3880-1

Affected Products

Suse Linux Enterprise Module For Suse Manager Server
Suse Manager Server
Suse
Release-Notes-Susemanager
Spacewalk-Java
Apache Tomcat