SUSE update for SUSE Manager Server 4.1



Risk High
Patch available YES
Number of vulnerabilities 5
CVE-ID CVE-2022-21698
CVE-2022-21724
CVE-2022-21952
CVE-2022-26520
CVE-2022-31248
CWE-ID CWE-20
CWE-665
CWE-770
CWE-209
Exploitation vector Network
Public exploit N/A
Vulnerable software
 SUSE Linux Enterprise Module for SUSE Manager Server
Operating systems & Components / Operating system

SUSE Manager Server
Operating systems & Components / Operating system

uyuni-config-modules
Operating systems & Components / Operating system package or component

susemanager-web-libs
Operating systems & Components / Operating system package or component

susemanager-sls
Operating systems & Components / Operating system package or component

susemanager-schema
Operating systems & Components / Operating system package or component

susemanager-docs_en-pdf
Operating systems & Components / Operating system package or component

susemanager-docs_en
Operating systems & Components / Operating system package or component

susemanager-doc-indexes
Operating systems & Components / Operating system package or component

subscription-matcher
Operating systems & Components / Operating system package or component

spacewalk-utils-extras
Operating systems & Components / Operating system package or component

spacewalk-utils
Operating systems & Components / Operating system package or component

spacewalk-taskomatic
Operating systems & Components / Operating system package or component

spacewalk-setup
Operating systems & Components / Operating system package or component

spacewalk-java-postgresql
Operating systems & Components / Operating system package or component

spacewalk-java-lib
Operating systems & Components / Operating system package or component

spacewalk-java-config
Operating systems & Components / Operating system package or component

spacewalk-java
Operating systems & Components / Operating system package or component

spacewalk-html
Operating systems & Components / Operating system package or component

spacewalk-base-minimal-config
Operating systems & Components / Operating system package or component

spacewalk-base-minimal
Operating systems & Components / Operating system package or component

spacewalk-base
Operating systems & Components / Operating system package or component

spacewalk-backend-xmlrpc
Operating systems & Components / Operating system package or component

spacewalk-backend-xml-export-libs
Operating systems & Components / Operating system package or component

spacewalk-backend-tools
Operating systems & Components / Operating system package or component

spacewalk-backend-sql-postgresql
Operating systems & Components / Operating system package or component

spacewalk-backend-sql
Operating systems & Components / Operating system package or component

spacewalk-backend-server
Operating systems & Components / Operating system package or component

spacewalk-backend-package-push-server
Operating systems & Components / Operating system package or component

spacewalk-backend-iss-export
Operating systems & Components / Operating system package or component

spacewalk-backend-iss
Operating systems & Components / Operating system package or component

spacewalk-backend-config-files-tool
Operating systems & Components / Operating system package or component

spacewalk-backend-config-files-common
Operating systems & Components / Operating system package or component

spacewalk-backend-config-files
Operating systems & Components / Operating system package or component

spacewalk-backend-applet
Operating systems & Components / Operating system package or component

spacewalk-backend-app
Operating systems & Components / Operating system package or component

spacewalk-backend
Operating systems & Components / Operating system package or component

spacecmd
Operating systems & Components / Operating system package or component

py27-compat-salt
Operating systems & Components / Operating system package or component

prometheus-formula
Operating systems & Components / Operating system package or component

prometheus-exporters-formula
Operating systems & Components / Operating system package or component

postgresql-jdbc
Operating systems & Components / Operating system package or component

susemanager-tools
Operating systems & Components / Operating system package or component

susemanager
Operating systems & Components / Operating system package or component

patterns-suma_server
Operating systems & Components / Operating system package or component

patterns-suma_retail
Operating systems & Components / Operating system package or component

golang-github-prometheus-node_exporter
Operating systems & Components / Operating system package or component

golang-github-lusitaniae-apache_exporter-debuginfo
Operating systems & Components / Operating system package or component

golang-github-lusitaniae-apache_exporter
Operating systems & Components / Operating system package or component

golang-github-QubitProducts-exporter_exporter
Operating systems & Components / Operating system package or component

Vendor SUSE

Security Bulletin

This security bulletin contains information about 5 vulnerabilities.

1) Input validation error

EUVDB-ID: #VU61599

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-21698

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within method label cardinality. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Update the affected package SUSE Manager Server 4.1 to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Module for SUSE Manager Server: 4.1

SUSE Manager Server: 4.1

uyuni-config-modules: before 4.1.36-150200.3.64.2

susemanager-web-libs: before 4.1.34-150200.3.47.6

susemanager-sls: before 4.1.36-150200.3.64.2

susemanager-schema: before 4.1.26-150200.3.45.4

susemanager-docs_en-pdf: before 4.1-150200.11.55.2

susemanager-docs_en: before 4.1-150200.11.55.2

susemanager-doc-indexes: before 4.1-150200.11.55.4

subscription-matcher: before 0.28-150200.3.15.2

spacewalk-utils-extras: before 4.1.20-150200.3.30.2

spacewalk-utils: before 4.1.20-150200.3.30.2

spacewalk-taskomatic: before 4.1.46-150200.3.71.5

spacewalk-setup: before 4.1.11-150200.3.18.2

spacewalk-java-postgresql: before 4.1.46-150200.3.71.5

spacewalk-java-lib: before 4.1.46-150200.3.71.5

spacewalk-java-config: before 4.1.46-150200.3.71.5

spacewalk-java: before 4.1.46-150200.3.71.5

spacewalk-html: before 4.1.34-150200.3.47.6

spacewalk-base-minimal-config: before 4.1.34-150200.3.47.6

spacewalk-base-minimal: before 4.1.34-150200.3.47.6

spacewalk-base: before 4.1.34-150200.3.47.6

spacewalk-backend-xmlrpc: before 4.1.31-150200.4.50.4

spacewalk-backend-xml-export-libs: before 4.1.31-150200.4.50.4

spacewalk-backend-tools: before 4.1.31-150200.4.50.4

spacewalk-backend-sql-postgresql: before 4.1.31-150200.4.50.4

spacewalk-backend-sql: before 4.1.31-150200.4.50.4

spacewalk-backend-server: before 4.1.31-150200.4.50.4

spacewalk-backend-package-push-server: before 4.1.31-150200.4.50.4

spacewalk-backend-iss-export: before 4.1.31-150200.4.50.4

spacewalk-backend-iss: before 4.1.31-150200.4.50.4

spacewalk-backend-config-files-tool: before 4.1.31-150200.4.50.4

spacewalk-backend-config-files-common: before 4.1.31-150200.4.50.4

spacewalk-backend-config-files: before 4.1.31-150200.4.50.4

spacewalk-backend-applet: before 4.1.31-150200.4.50.4

spacewalk-backend-app: before 4.1.31-150200.4.50.4

spacewalk-backend: before 4.1.31-150200.4.50.4

spacecmd: before 4.1.18-150200.4.39.3

py27-compat-salt: before 3000.3-150200.6.24.2

prometheus-formula: before 0.3.7-150200.3.21.2

prometheus-exporters-formula: before 0.9.5-150200.3.31.2

postgresql-jdbc: before 42.2.10-150200.3.8.2

susemanager-tools: before 4.1.36-150200.3.52.1

susemanager: before 4.1.36-150200.3.52.1

patterns-suma_server: before 4.1-150200.6.12.2

patterns-suma_retail: before 4.1-150200.6.12.2

golang-github-prometheus-node_exporter: before 1.3.0-150200.3.9.3

golang-github-lusitaniae-apache_exporter-debuginfo: before 0.7.0-150200.2.6.2

golang-github-lusitaniae-apache_exporter: before 0.7.0-150200.2.6.2

golang-github-QubitProducts-exporter_exporter: before 0.4.0-150200.6.12.2

CPE2.3 External links

http://www.suse.com/support/update/announcement/2022/suse-su-20222145-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper initialization

EUVDB-ID: #VU62714

Risk: Medium

CVSSv4.0: 6.9 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-21724

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to improper initialization in pgjdbc driver when handling attacker-controlled URL in connection properties as the driver does not verify if the class implements the expected interface before instantiating the class. A remote attacker can pass specially crafted URL to the affected application and execute arbitrary code in the system.

Mitigation

Update the affected package SUSE Manager Server 4.1 to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Module for SUSE Manager Server: 4.1

SUSE Manager Server: 4.1

uyuni-config-modules: before 4.1.36-150200.3.64.2

susemanager-web-libs: before 4.1.34-150200.3.47.6

susemanager-sls: before 4.1.36-150200.3.64.2

susemanager-schema: before 4.1.26-150200.3.45.4

susemanager-docs_en-pdf: before 4.1-150200.11.55.2

susemanager-docs_en: before 4.1-150200.11.55.2

susemanager-doc-indexes: before 4.1-150200.11.55.4

subscription-matcher: before 0.28-150200.3.15.2

spacewalk-utils-extras: before 4.1.20-150200.3.30.2

spacewalk-utils: before 4.1.20-150200.3.30.2

spacewalk-taskomatic: before 4.1.46-150200.3.71.5

spacewalk-setup: before 4.1.11-150200.3.18.2

spacewalk-java-postgresql: before 4.1.46-150200.3.71.5

spacewalk-java-lib: before 4.1.46-150200.3.71.5

spacewalk-java-config: before 4.1.46-150200.3.71.5

spacewalk-java: before 4.1.46-150200.3.71.5

spacewalk-html: before 4.1.34-150200.3.47.6

spacewalk-base-minimal-config: before 4.1.34-150200.3.47.6

spacewalk-base-minimal: before 4.1.34-150200.3.47.6

spacewalk-base: before 4.1.34-150200.3.47.6

spacewalk-backend-xmlrpc: before 4.1.31-150200.4.50.4

spacewalk-backend-xml-export-libs: before 4.1.31-150200.4.50.4

spacewalk-backend-tools: before 4.1.31-150200.4.50.4

spacewalk-backend-sql-postgresql: before 4.1.31-150200.4.50.4

spacewalk-backend-sql: before 4.1.31-150200.4.50.4

spacewalk-backend-server: before 4.1.31-150200.4.50.4

spacewalk-backend-package-push-server: before 4.1.31-150200.4.50.4

spacewalk-backend-iss-export: before 4.1.31-150200.4.50.4

spacewalk-backend-iss: before 4.1.31-150200.4.50.4

spacewalk-backend-config-files-tool: before 4.1.31-150200.4.50.4

spacewalk-backend-config-files-common: before 4.1.31-150200.4.50.4

spacewalk-backend-config-files: before 4.1.31-150200.4.50.4

spacewalk-backend-applet: before 4.1.31-150200.4.50.4

spacewalk-backend-app: before 4.1.31-150200.4.50.4

spacewalk-backend: before 4.1.31-150200.4.50.4

spacecmd: before 4.1.18-150200.4.39.3

py27-compat-salt: before 3000.3-150200.6.24.2

prometheus-formula: before 0.3.7-150200.3.21.2

prometheus-exporters-formula: before 0.9.5-150200.3.31.2

postgresql-jdbc: before 42.2.10-150200.3.8.2

susemanager-tools: before 4.1.36-150200.3.52.1

susemanager: before 4.1.36-150200.3.52.1

patterns-suma_server: before 4.1-150200.6.12.2

patterns-suma_retail: before 4.1-150200.6.12.2

golang-github-prometheus-node_exporter: before 1.3.0-150200.3.9.3

golang-github-lusitaniae-apache_exporter-debuginfo: before 0.7.0-150200.2.6.2

golang-github-lusitaniae-apache_exporter: before 0.7.0-150200.2.6.2

golang-github-QubitProducts-exporter_exporter: before 0.4.0-150200.6.12.2

CPE2.3 External links

http://www.suse.com/support/update/announcement/2022/suse-su-20222145-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Allocation of Resources Without Limits or Throttling

EUVDB-ID: #VU64571

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-21952

CWE-ID: CWE-770 - Allocation of Resources Without Limits or Throttling

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to the "/rhn/manager/frontend-log" script takes a text as a POST parameter and then it writes into the "/var/log/rhn/rhn_web_frontend.log" file. A remote non-authenticated attacker can send arbitrary amount of data to the application log and consume all available disk space, cause a denial of service condition.

Mitigation

Update the affected package SUSE Manager Server 4.1 to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Module for SUSE Manager Server: 4.1

SUSE Manager Server: 4.1

uyuni-config-modules: before 4.1.36-150200.3.64.2

susemanager-web-libs: before 4.1.34-150200.3.47.6

susemanager-sls: before 4.1.36-150200.3.64.2

susemanager-schema: before 4.1.26-150200.3.45.4

susemanager-docs_en-pdf: before 4.1-150200.11.55.2

susemanager-docs_en: before 4.1-150200.11.55.2

susemanager-doc-indexes: before 4.1-150200.11.55.4

subscription-matcher: before 0.28-150200.3.15.2

spacewalk-utils-extras: before 4.1.20-150200.3.30.2

spacewalk-utils: before 4.1.20-150200.3.30.2

spacewalk-taskomatic: before 4.1.46-150200.3.71.5

spacewalk-setup: before 4.1.11-150200.3.18.2

spacewalk-java-postgresql: before 4.1.46-150200.3.71.5

spacewalk-java-lib: before 4.1.46-150200.3.71.5

spacewalk-java-config: before 4.1.46-150200.3.71.5

spacewalk-java: before 4.1.46-150200.3.71.5

spacewalk-html: before 4.1.34-150200.3.47.6

spacewalk-base-minimal-config: before 4.1.34-150200.3.47.6

spacewalk-base-minimal: before 4.1.34-150200.3.47.6

spacewalk-base: before 4.1.34-150200.3.47.6

spacewalk-backend-xmlrpc: before 4.1.31-150200.4.50.4

spacewalk-backend-xml-export-libs: before 4.1.31-150200.4.50.4

spacewalk-backend-tools: before 4.1.31-150200.4.50.4

spacewalk-backend-sql-postgresql: before 4.1.31-150200.4.50.4

spacewalk-backend-sql: before 4.1.31-150200.4.50.4

spacewalk-backend-server: before 4.1.31-150200.4.50.4

spacewalk-backend-package-push-server: before 4.1.31-150200.4.50.4

spacewalk-backend-iss-export: before 4.1.31-150200.4.50.4

spacewalk-backend-iss: before 4.1.31-150200.4.50.4

spacewalk-backend-config-files-tool: before 4.1.31-150200.4.50.4

spacewalk-backend-config-files-common: before 4.1.31-150200.4.50.4

spacewalk-backend-config-files: before 4.1.31-150200.4.50.4

spacewalk-backend-applet: before 4.1.31-150200.4.50.4

spacewalk-backend-app: before 4.1.31-150200.4.50.4

spacewalk-backend: before 4.1.31-150200.4.50.4

spacecmd: before 4.1.18-150200.4.39.3

py27-compat-salt: before 3000.3-150200.6.24.2

prometheus-formula: before 0.3.7-150200.3.21.2

prometheus-exporters-formula: before 0.9.5-150200.3.31.2

postgresql-jdbc: before 42.2.10-150200.3.8.2

susemanager-tools: before 4.1.36-150200.3.52.1

susemanager: before 4.1.36-150200.3.52.1

patterns-suma_server: before 4.1-150200.6.12.2

patterns-suma_retail: before 4.1-150200.6.12.2

golang-github-prometheus-node_exporter: before 1.3.0-150200.3.9.3

golang-github-lusitaniae-apache_exporter-debuginfo: before 0.7.0-150200.2.6.2

golang-github-lusitaniae-apache_exporter: before 0.7.0-150200.2.6.2

golang-github-QubitProducts-exporter_exporter: before 0.4.0-150200.6.12.2

CPE2.3 External links

http://www.suse.com/support/update/announcement/2022/suse-su-20222145-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Input validation error

EUVDB-ID: #VU62716

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-26520

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to create arbitrary files on the system.

The vulnerability exists due to insufficient validation of user-supplied input when handling jdbc URL or its properties. A remote attacker can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection properties.

Successful exploitation of the vulnerability may allow an attacker to create and executable arbitraru JSP file under a Tomcat web root.

Mitigation

Update the affected package SUSE Manager Server 4.1 to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Module for SUSE Manager Server: 4.1

SUSE Manager Server: 4.1

uyuni-config-modules: before 4.1.36-150200.3.64.2

susemanager-web-libs: before 4.1.34-150200.3.47.6

susemanager-sls: before 4.1.36-150200.3.64.2

susemanager-schema: before 4.1.26-150200.3.45.4

susemanager-docs_en-pdf: before 4.1-150200.11.55.2

susemanager-docs_en: before 4.1-150200.11.55.2

susemanager-doc-indexes: before 4.1-150200.11.55.4

subscription-matcher: before 0.28-150200.3.15.2

spacewalk-utils-extras: before 4.1.20-150200.3.30.2

spacewalk-utils: before 4.1.20-150200.3.30.2

spacewalk-taskomatic: before 4.1.46-150200.3.71.5

spacewalk-setup: before 4.1.11-150200.3.18.2

spacewalk-java-postgresql: before 4.1.46-150200.3.71.5

spacewalk-java-lib: before 4.1.46-150200.3.71.5

spacewalk-java-config: before 4.1.46-150200.3.71.5

spacewalk-java: before 4.1.46-150200.3.71.5

spacewalk-html: before 4.1.34-150200.3.47.6

spacewalk-base-minimal-config: before 4.1.34-150200.3.47.6

spacewalk-base-minimal: before 4.1.34-150200.3.47.6

spacewalk-base: before 4.1.34-150200.3.47.6

spacewalk-backend-xmlrpc: before 4.1.31-150200.4.50.4

spacewalk-backend-xml-export-libs: before 4.1.31-150200.4.50.4

spacewalk-backend-tools: before 4.1.31-150200.4.50.4

spacewalk-backend-sql-postgresql: before 4.1.31-150200.4.50.4

spacewalk-backend-sql: before 4.1.31-150200.4.50.4

spacewalk-backend-server: before 4.1.31-150200.4.50.4

spacewalk-backend-package-push-server: before 4.1.31-150200.4.50.4

spacewalk-backend-iss-export: before 4.1.31-150200.4.50.4

spacewalk-backend-iss: before 4.1.31-150200.4.50.4

spacewalk-backend-config-files-tool: before 4.1.31-150200.4.50.4

spacewalk-backend-config-files-common: before 4.1.31-150200.4.50.4

spacewalk-backend-config-files: before 4.1.31-150200.4.50.4

spacewalk-backend-applet: before 4.1.31-150200.4.50.4

spacewalk-backend-app: before 4.1.31-150200.4.50.4

spacewalk-backend: before 4.1.31-150200.4.50.4

spacecmd: before 4.1.18-150200.4.39.3

py27-compat-salt: before 3000.3-150200.6.24.2

prometheus-formula: before 0.3.7-150200.3.21.2

prometheus-exporters-formula: before 0.9.5-150200.3.31.2

postgresql-jdbc: before 42.2.10-150200.3.8.2

susemanager-tools: before 4.1.36-150200.3.52.1

susemanager: before 4.1.36-150200.3.52.1

patterns-suma_server: before 4.1-150200.6.12.2

patterns-suma_retail: before 4.1-150200.6.12.2

golang-github-prometheus-node_exporter: before 1.3.0-150200.3.9.3

golang-github-lusitaniae-apache_exporter-debuginfo: before 0.7.0-150200.2.6.2

golang-github-lusitaniae-apache_exporter: before 0.7.0-150200.2.6.2

golang-github-QubitProducts-exporter_exporter: before 0.4.0-150200.6.12.2

CPE2.3 External links

http://www.suse.com/support/update/announcement/2022/suse-su-20222145-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Information Exposure Through an Error Message

EUVDB-ID: #VU64572

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-31248

CWE-ID: CWE-209 - Information Exposure Through an Error Message

Exploit availability: No

Description

The vulnerability allows a remote attacker to enumerate email addresses of registered users.

The vulnerability exists due to the application in /rhn/help/ForgotCredentials.do exposes information about pretense of an email address of the registered user within the application. A remote non-authenticated attacker can enumerate email addresses of application users.

Mitigation

Update the affected package SUSE Manager Server 4.1 to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Module for SUSE Manager Server: 4.1

SUSE Manager Server: 4.1

uyuni-config-modules: before 4.1.36-150200.3.64.2

susemanager-web-libs: before 4.1.34-150200.3.47.6

susemanager-sls: before 4.1.36-150200.3.64.2

susemanager-schema: before 4.1.26-150200.3.45.4

susemanager-docs_en-pdf: before 4.1-150200.11.55.2

susemanager-docs_en: before 4.1-150200.11.55.2

susemanager-doc-indexes: before 4.1-150200.11.55.4

subscription-matcher: before 0.28-150200.3.15.2

spacewalk-utils-extras: before 4.1.20-150200.3.30.2

spacewalk-utils: before 4.1.20-150200.3.30.2

spacewalk-taskomatic: before 4.1.46-150200.3.71.5

spacewalk-setup: before 4.1.11-150200.3.18.2

spacewalk-java-postgresql: before 4.1.46-150200.3.71.5

spacewalk-java-lib: before 4.1.46-150200.3.71.5

spacewalk-java-config: before 4.1.46-150200.3.71.5

spacewalk-java: before 4.1.46-150200.3.71.5

spacewalk-html: before 4.1.34-150200.3.47.6

spacewalk-base-minimal-config: before 4.1.34-150200.3.47.6

spacewalk-base-minimal: before 4.1.34-150200.3.47.6

spacewalk-base: before 4.1.34-150200.3.47.6

spacewalk-backend-xmlrpc: before 4.1.31-150200.4.50.4

spacewalk-backend-xml-export-libs: before 4.1.31-150200.4.50.4

spacewalk-backend-tools: before 4.1.31-150200.4.50.4

spacewalk-backend-sql-postgresql: before 4.1.31-150200.4.50.4

spacewalk-backend-sql: before 4.1.31-150200.4.50.4

spacewalk-backend-server: before 4.1.31-150200.4.50.4

spacewalk-backend-package-push-server: before 4.1.31-150200.4.50.4

spacewalk-backend-iss-export: before 4.1.31-150200.4.50.4

spacewalk-backend-iss: before 4.1.31-150200.4.50.4

spacewalk-backend-config-files-tool: before 4.1.31-150200.4.50.4

spacewalk-backend-config-files-common: before 4.1.31-150200.4.50.4

spacewalk-backend-config-files: before 4.1.31-150200.4.50.4

spacewalk-backend-applet: before 4.1.31-150200.4.50.4

spacewalk-backend-app: before 4.1.31-150200.4.50.4

spacewalk-backend: before 4.1.31-150200.4.50.4

spacecmd: before 4.1.18-150200.4.39.3

py27-compat-salt: before 3000.3-150200.6.24.2

prometheus-formula: before 0.3.7-150200.3.21.2

prometheus-exporters-formula: before 0.9.5-150200.3.31.2

postgresql-jdbc: before 42.2.10-150200.3.8.2

susemanager-tools: before 4.1.36-150200.3.52.1

susemanager: before 4.1.36-150200.3.52.1

patterns-suma_server: before 4.1-150200.6.12.2

patterns-suma_retail: before 4.1-150200.6.12.2

golang-github-prometheus-node_exporter: before 1.3.0-150200.3.9.3

golang-github-lusitaniae-apache_exporter-debuginfo: before 0.7.0-150200.2.6.2

golang-github-lusitaniae-apache_exporter: before 0.7.0-150200.2.6.2

golang-github-QubitProducts-exporter_exporter: before 0.4.0-150200.6.12.2

CPE2.3 External links

http://www.suse.com/support/update/announcement/2022/suse-su-20222145-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###