Unrated severityNVD Advisory· Published Jun 22, 2022· Updated Sep 16, 2024

SUMA unauthenticated remote DoS via resource exhaustion

CVE-2022-21952

Description

A Missing Authentication for Critical Function vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to easily exhaust available disk resources leading to DoS. This issue affects: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46. SUSE Manager Server 4.2 spacewalk-java versions prior to 4.2.37.

Affected products

osv-coords49 versions
pkg:rpm/suse/golang-github-lusitaniae-apache_exporter&distro=SUSE%20Manager%20Server%20Module%204.1 pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Manager%20Server%20Module%204.1 pkg:rpm/suse/golang-github-QubitProducts-exporter_exporter&distro=SUSE%20Manager%20Server%20Module%204.1 pkg:rpm/suse/inter-server-sync&distro=SUSE%20Manager%20Server%20Module%204.2 pkg:rpm/suse/patterns-suse-manager&distro=SUSE%20Manager%20Server%20Module%204.1 pkg:rpm/suse/postgresql-jdbc&distro=SUSE%20Manager%20Server%20Module%204.1 pkg:rpm/suse/prometheus-exporters-formula&distro=SUSE%20Manager%20Server%20Module%204.1 pkg:rpm/suse/prometheus-formula&distro=SUSE%20Manager%20Server%20Module%204.1 pkg:rpm/suse/prometheus-formula&distro=SUSE%20Manager%20Server%20Module%204.2 pkg:rpm/suse/py27-compat-salt&distro=SUSE%20Manager%20Server%20Module%204.1 pkg:rpm/suse/release-notes-susemanager&distro=SUSE%20Manager%20Server%204.1 pkg:rpm/suse/release-notes-susemanager&distro=SUSE%20Manager%20Server%204.2 pkg:rpm/suse/release-notes-susemanager-proxy&distro=SUSE%20Manager%20Proxy%204.1 pkg:rpm/suse/release-notes-susemanager-proxy&distro=SUSE%20Manager%20Proxy%204.2 pkg:rpm/suse/release-notes-susemanager-proxy&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1 pkg:rpm/suse/release-notes-susemanager-proxy&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.2 pkg:rpm/suse/salt-netapi-client&distro=SUSE%20Manager%20Server%20Module%204.2 pkg:rpm/suse/smdba&distro=SUSE%20Manager%20Server%20Module%204.2 pkg:rpm/suse/spacecmd&distro=SUSE%20Manager%20Proxy%20Module%204.2 pkg:rpm/suse/spacecmd&distro=SUSE%20Manager%20Server%20Module%204.1 pkg:rpm/suse/spacecmd&distro=SUSE%20Manager%20Server%20Module%204.2 pkg:rpm/suse/spacewalk-backend&distro=SUSE%20Manager%20Proxy%20Module%204.2 pkg:rpm/suse/spacewalk-backend&distro=SUSE%20Manager%20Server%20Module%204.1 pkg:rpm/suse/spacewalk-backend&distro=SUSE%20Manager%20Server%20Module%204.2 pkg:rpm/suse/spacewalk-certs-tools&distro=SUSE%20Manager%20Proxy%20Module%204.2 pkg:rpm/suse/spacewalk-certs-tools&distro=SUSE%20Manager%20Server%20Module%204.2 pkg:rpm/suse/spacewalk-java&distro=SUSE%20Manager%20Server%20Module%204.1 pkg:rpm/suse/spacewalk-java&distro=SUSE%20Manager%20Server%20Module%204.2 pkg:rpm/suse/spacewalk-setup&distro=SUSE%20Manager%20Server%20Module%204.1 pkg:rpm/suse/spacewalk-utils&distro=SUSE%20Manager%20Server%20Module%204.1 pkg:rpm/suse/spacewalk-utils&distro=SUSE%20Manager%20Server%20Module%204.2 pkg:rpm/suse/spacewalk-web&distro=SUSE%20Manager%20Proxy%20Module%204.2 pkg:rpm/suse/spacewalk-web&distro=SUSE%20Manager%20Server%20Module%204.1 pkg:rpm/suse/spacewalk-web&distro=SUSE%20Manager%20Server%20Module%204.2 pkg:rpm/suse/subscription-matcher&distro=SUSE%20Manager%20Server%20Module%204.1 pkg:rpm/suse/supportutils-plugin-salt&distro=SUSE%20Manager%20Proxy%20Module%204.2 pkg:rpm/suse/supportutils-plugin-salt&distro=SUSE%20Manager%20Server%20Module%204.2 pkg:rpm/suse/susemanager&distro=SUSE%20Manager%20Server%20Module%204.1 pkg:rpm/suse/susemanager&distro=SUSE%20Manager%20Server%20Module%204.2 pkg:rpm/suse/susemanager-doc-indexes&distro=SUSE%20Manager%20Server%20Module%204.1 pkg:rpm/suse/susemanager-doc-indexes&distro=SUSE%20Manager%20Server%20Module%204.2 pkg:rpm/suse/susemanager-docs_en&distro=SUSE%20Manager%20Server%20Module%204.1 pkg:rpm/suse/susemanager-docs_en&distro=SUSE%20Manager%20Server%20Module%204.2 pkg:rpm/suse/susemanager-schema&distro=SUSE%20Manager%20Server%20Module%204.1 pkg:rpm/suse/susemanager-schema&distro=SUSE%20Manager%20Server%20Module%204.2 pkg:rpm/suse/susemanager-sls&distro=SUSE%20Manager%20Server%20Module%204.1 pkg:rpm/suse/susemanager-sls&distro=SUSE%20Manager%20Server%20Module%204.2 pkg:rpm/suse/susemanager-sync-data&distro=SUSE%20Manager%20Server%20Module%204.2 pkg:rpm/suse/virtual-host-gatherer&distro=SUSE%20Manager%20Server%20Module%204.2
< 0.7.0-150200.2.6.2+ 48 more
- (no CPE)range: < 0.7.0-150200.2.6.2
- (no CPE)range: < 1.3.0-150200.3.9.3
- (no CPE)range: < 0.4.0-150200.6.12.2
- (no CPE)range: < 0.2.2-150300.8.17.1
- (no CPE)range: < 4.1-150200.6.12.2
- (no CPE)range: < 42.2.10-150200.3.8.2
- (no CPE)range: < 0.9.5-150200.3.31.2
- (no CPE)range: < 0.3.7-150200.3.21.2
- (no CPE)range: < 0.6.2-150300.3.14.1
- (no CPE)range: < 3000.3-150200.6.24.2
- (no CPE)range: < 4.1.15-150200.3.80.1
- (no CPE)range: < 4.2.7-150300.3.44.1
- (no CPE)range: < 4.1.15-150200.3.56.1
- (no CPE)range: < 4.2.7-150300.3.31.2
- (no CPE)range: < 4.1.15-150200.3.56.1
- (no CPE)range: < 4.2.7-150300.3.31.2
- (no CPE)range: < 0.19.0-150300.3.6.1
- (no CPE)range: < 1.7.10-0.150300.3.6.1
- (no CPE)range: < 4.2.17-150300.4.21.4
- (no CPE)range: < 4.1.18-150200.4.39.3
- (no CPE)range: < 4.2.17-150300.4.21.4
- (no CPE)range: < 4.2.22-150300.4.23.1
- (no CPE)range: < 4.1.31-150200.4.50.4
- (no CPE)range: < 4.2.22-150300.4.23.1
- (no CPE)range: < 4.2.16-150300.3.18.3
- (no CPE)range: < 4.2.16-150300.3.18.3
- (no CPE)range: < 4.1.46-150200.3.71.5
- (no CPE)range: < 4.2.38-150300.3.35.1
- (no CPE)range: < 4.1.11-150200.3.18.2
- (no CPE)range: < 4.1.20-150200.3.30.2
- (no CPE)range: < 4.2.16-150300.3.15.5
- (no CPE)range: < 4.2.27-150300.3.21.7
- (no CPE)range: < 4.1.34-150200.3.47.6
- (no CPE)range: < 4.2.27-150300.3.21.7
- (no CPE)range: < 0.28-150200.3.15.2
- (no CPE)range: < 1.2.0-150300.3.3.1
- (no CPE)range: < 1.2.0-150300.3.3.1
- (no CPE)range: < 4.1.36-150200.3.52.1
- (no CPE)range: < 4.2.32-150300.3.31.1
- (no CPE)range: < 4.1-150200.11.55.4
- (no CPE)range: < 4.2-150300.12.27.6
- (no CPE)range: < 4.1-150200.11.55.2
- (no CPE)range: < 4.2-150300.12.27.1
- (no CPE)range: < 4.1.26-150200.3.45.4
- (no CPE)range: < 4.2.22-150300.3.21.6
- (no CPE)range: < 4.1.36-150200.3.64.2
- (no CPE)range: < 4.2.23-150300.3.25.4
- (no CPE)range: < 4.2.12-150300.3.18.3
- (no CPE)range: < 1.0.23-150300.3.3.1
SUSE/SUSE Manager Server 4.1v5
Range: spacewalk-java
SUSE/SUSE Manager Server 4.2v5
Range: spacewalk-java

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

bugzilla.suse.com/show_bug.cgimitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000