CVE-2022-21952
First published: Wed Jun 22 2022(Updated: )
A Missing Authentication for Critical Function vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to easily exhaust available disk resources leading to DoS. This issue affects: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46. SUSE Manager Server 4.2 spacewalk-java versions prior to 4.2.37.
Credit: meissner@suse.de meissner@suse.de
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SUSE Manager Server | >=4.1<4.1.46 | |
| SUSE Manager Server | >=4.2<4.2.37 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2022-21952.
What is the title of this vulnerability?
The title of this vulnerability is 'A Missing Authentication for Critical Function vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2'.
What is the severity of CVE-2022-21952?
The severity of CVE-2022-21952 is high (7.5).
Which software versions are affected by this vulnerability?
This vulnerability affects SUSE Manager Server 4.1 versions prior to 4.1.46 and SUSE Manager Server 4.2 versions prior to 4.2.37.
How can this vulnerability be exploited?
Remote attackers can exploit this vulnerability to exhaust available disk resources, leading to a denial of service (DoS) condition.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/type
- agent/event
- agent/author
- agent/severity
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- vendor/suse
- canonical/suse manager server
- version/suse manager server/4.1
- version/suse manager server/4.2