SB2022072737 - SUSE update for SUSE Manager Server 4.2
Published: July 27, 2022
Security Bulletin ID
SB2022072737
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Information Exposure Through an Error Message (CVE-ID: CVE-2022-31248)
The vulnerability allows a remote attacker to enumerate email addresses of registered users.
The vulnerability exists due to the application in /rhn/help/ForgotCredentials.do exposes information about pretense of an email address of the registered user within the application. A remote non-authenticated attacker can enumerate email addresses of application users.
Remediation
Install update from vendor's website.