PT-2022-27025 · Suse · Suse Linux Enterprise Module For Suse Manager Server 4.2+3

Paolo Perego · Published 2022-11-04 · Updated 2022-11-16 · CVE-2022-43754

CVSS v3.1: 5.4 Medium

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

SUSE Linux Enterprise Module for SUSE Manager Server 4.2 versions prior to 4.2.28
SUSE Linux Enterprise Module for SUSE Manager Server 4.3 spacewalk-java versions prior to 4.3.39
SUSE Manager Server 4.2 release-notes-susemanager versions prior to 4.2.10

Description

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') issue allows remote attackers to embed JavaScript code via "/rhn/audit/scap/Search.do".

Recommendations

For SUSE Linux Enterprise Module for SUSE Manager Server 4.2, update to version 4.2.28 or later.
For SUSE Linux Enterprise Module for SUSE Manager Server 4.3, update spacewalk-java to version 4.3.39 or later.
For SUSE Manager Server 4.2, update release-notes-susemanager to version 4.2.10 or later.
As a temporary workaround, consider restricting access to the "/rhn/audit/scap/Search.do" endpoint until a patch is available.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2022-43754
SUSE-SU-2022:3878-1
SUSE-SU-2022:3879-1
SUSE-SU-2022:3880-1

Affected Products

Suse Linux Enterprise Module For Suse Manager Server 4.2
Suse Linux Enterprise Module For Suse Manager Server 4.3
Suse Manager Server 4.2
Suse