SUSE update for SUSE Manager Server 4.3
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2022-31248 |
| CWE-ID | CWE-209 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
SUSE Manager Server Operating systems & Components / Operating system SUSE Linux Enterprise Module for SUSE Manager Server Operating systems & Components / Operating system xmlpull-api Operating systems & Components / Operating system package or component woodstox Operating systems & Components / Operating system package or component virtual-host-gatherer-libcloud Operating systems & Components / Operating system package or component virtual-host-gatherer-VMware Operating systems & Components / Operating system package or component virtual-host-gatherer-Nutanix Operating systems & Components / Operating system package or component virtual-host-gatherer-Kubernetes Operating systems & Components / Operating system package or component virtual-host-gatherer Operating systems & Components / Operating system package or component uyuni-config-modules Operating systems & Components / Operating system package or component susemanager-sls Operating systems & Components / Operating system package or component susemanager-schema-utility Operating systems & Components / Operating system package or component susemanager-schema Operating systems & Components / Operating system package or component susemanager-retail-tools Operating systems & Components / Operating system package or component susemanager-docs_en-pdf Operating systems & Components / Operating system package or component susemanager-docs_en Operating systems & Components / Operating system package or component susemanager-build-keys-web Operating systems & Components / Operating system package or component susemanager-build-keys Operating systems & Components / Operating system package or component subscription-matcher Operating systems & Components / Operating system package or component spacewalk-utils-extras Operating systems & Components / Operating system package or component spacewalk-utils Operating systems & Components / Operating system package or component spacewalk-taskomatic Operating systems & Components / Operating system package or component spacewalk-setup Operating systems & Components / Operating system package or component spacewalk-search Operating systems & Components / Operating system package or component spacewalk-postgresql Operating systems & Components / Operating system package or component spacewalk-java-postgresql Operating systems & Components / Operating system package or component spacewalk-java-lib Operating systems & Components / Operating system package or component spacewalk-java-config Operating systems & Components / Operating system package or component spacewalk-java Operating systems & Components / Operating system package or component spacewalk-html Operating systems & Components / Operating system package or component spacewalk-config Operating systems & Components / Operating system package or component spacewalk-common Operating systems & Components / Operating system package or component spacewalk-client-tools Operating systems & Components / Operating system package or component spacewalk-certs-tools Operating systems & Components / Operating system package or component spacewalk-base-minimal-config Operating systems & Components / Operating system package or component spacewalk-base-minimal Operating systems & Components / Operating system package or component spacewalk-base Operating systems & Components / Operating system package or component spacewalk-backend-xmlrpc Operating systems & Components / Operating system package or component spacewalk-backend-xml-export-libs Operating systems & Components / Operating system package or component spacewalk-backend-tools Operating systems & Components / Operating system package or component spacewalk-backend-sql-postgresql Operating systems & Components / Operating system package or component spacewalk-backend-sql Operating systems & Components / Operating system package or component spacewalk-backend-server Operating systems & Components / Operating system package or component spacewalk-backend-package-push-server Operating systems & Components / Operating system package or component spacewalk-backend-iss-export Operating systems & Components / Operating system package or component spacewalk-backend-iss Operating systems & Components / Operating system package or component spacewalk-backend-config-files-tool Operating systems & Components / Operating system package or component spacewalk-backend-config-files-common Operating systems & Components / Operating system package or component spacewalk-backend-config-files Operating systems & Components / Operating system package or component spacewalk-backend-applet Operating systems & Components / Operating system package or component spacewalk-backend-app Operating systems & Components / Operating system package or component spacewalk-backend Operating systems & Components / Operating system package or component spacecmd Operating systems & Components / Operating system package or component salt-netapi-client Operating systems & Components / Operating system package or component python3-urlgrabber Operating systems & Components / Operating system package or component python3-susemanager-retail Operating systems & Components / Operating system package or component python3-spacewalk-client-tools Operating systems & Components / Operating system package or component python3-spacewalk-certs-tools Operating systems & Components / Operating system package or component optaplanner Operating systems & Components / Operating system package or component mvel2 Operating systems & Components / Operating system package or component kie-api Operating systems & Components / Operating system package or component jose4j Operating systems & Components / Operating system package or component jakarta-commons-validator Operating systems & Components / Operating system package or component image-sync-formula Operating systems & Components / Operating system package or component drools Operating systems & Components / Operating system package or component apache-commons-math3 Operating systems & Components / Operating system package or component apache-commons-csv Operating systems & Components / Operating system package or component susemanager-tools Operating systems & Components / Operating system package or component susemanager Operating systems & Components / Operating system package or component smdba Operating systems & Components / Operating system package or component reprepro-debugsource Operating systems & Components / Operating system package or component reprepro-debuginfo Operating systems & Components / Operating system package or component reprepro Operating systems & Components / Operating system package or component python3-uyuni-common-libs Operating systems & Components / Operating system package or component inter-server-sync-debuginfo Operating systems & Components / Operating system package or component inter-server-sync Operating systems & Components / Operating system package or component |
| Vendor | SUSE |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Information Exposure Through an Error Message
EUVDB-ID: #VU64572
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-31248
CWE-ID:
CWE-209 - Information Exposure Through an Error Message
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to enumerate email addresses of registered users.
The vulnerability exists due to the application in /rhn/help/ForgotCredentials.do exposes information about pretense of an email address of the registered user within the application. A remote non-authenticated attacker can enumerate email addresses of application users.
Update the affected package SUSE Manager Server 4.3 to the latest version.
Vulnerable software versionsSUSE Manager Server: 4.3
SUSE Linux Enterprise Module for SUSE Manager Server: 4.3
xmlpull-api: before 1.1.3.1-150400.3.3.1
woodstox: before 4.4.2-150400.3.3.1
virtual-host-gatherer-libcloud: before 1.0.23-150400.3.3.1
virtual-host-gatherer-VMware: before 1.0.23-150400.3.3.1
virtual-host-gatherer-Nutanix: before 1.0.23-150400.3.3.1
virtual-host-gatherer-Kubernetes: before 1.0.23-150400.3.3.1
virtual-host-gatherer: before 1.0.23-150400.3.3.1
uyuni-config-modules: before 4.3.24-150400.3.3.1
susemanager-sls: before 4.3.24-150400.3.3.1
susemanager-schema-utility: before 4.3.13-150400.3.3.3
susemanager-schema: before 4.3.13-150400.3.3.3
susemanager-retail-tools: before 1.0.1658330139.861779d-150400.3.3.1
susemanager-docs_en-pdf: before 4.3-150400.9.3.1
susemanager-docs_en: before 4.3-150400.9.3.1
susemanager-build-keys-web: before 15.4.3-150400.3.3.1
susemanager-build-keys: before 15.4.3-150400.3.3.1
subscription-matcher: before 0.29-150400.3.3.1
spacewalk-utils-extras: before 4.3.13-150400.3.3.3
spacewalk-utils: before 4.3.13-150400.3.3.3
spacewalk-taskomatic: before 4.3.35-150400.3.3.5
spacewalk-setup: before 4.3.10-150400.3.3.3
spacewalk-search: before 4.3.6-150400.3.3.3
spacewalk-postgresql: before 4.3.5-150400.3.3.2
spacewalk-java-postgresql: before 4.3.35-150400.3.3.5
spacewalk-java-lib: before 4.3.35-150400.3.3.5
spacewalk-java-config: before 4.3.35-150400.3.3.5
spacewalk-java: before 4.3.35-150400.3.3.5
spacewalk-html: before 4.3.23-150400.3.3.4
spacewalk-config: before 4.3.9-150400.3.3.3
spacewalk-common: before 4.3.5-150400.3.3.2
spacewalk-client-tools: before 4.3.11-150400.3.3.4
spacewalk-certs-tools: before 4.3.14-150400.3.3.2
spacewalk-base-minimal-config: before 4.3.23-150400.3.3.4
spacewalk-base-minimal: before 4.3.23-150400.3.3.4
spacewalk-base: before 4.3.23-150400.3.3.4
spacewalk-backend-xmlrpc: before 4.3.15-150400.3.3.5
spacewalk-backend-xml-export-libs: before 4.3.15-150400.3.3.5
spacewalk-backend-tools: before 4.3.15-150400.3.3.5
spacewalk-backend-sql-postgresql: before 4.3.15-150400.3.3.5
spacewalk-backend-sql: before 4.3.15-150400.3.3.5
spacewalk-backend-server: before 4.3.15-150400.3.3.5
spacewalk-backend-package-push-server: before 4.3.15-150400.3.3.5
spacewalk-backend-iss-export: before 4.3.15-150400.3.3.5
spacewalk-backend-iss: before 4.3.15-150400.3.3.5
spacewalk-backend-config-files-tool: before 4.3.15-150400.3.3.5
spacewalk-backend-config-files-common: before 4.3.15-150400.3.3.5
spacewalk-backend-config-files: before 4.3.15-150400.3.3.5
spacewalk-backend-applet: before 4.3.15-150400.3.3.5
spacewalk-backend-app: before 4.3.15-150400.3.3.5
spacewalk-backend: before 4.3.15-150400.3.3.5
spacecmd: before 4.3.14-150400.3.3.2
salt-netapi-client: before 0.20.0-150400.3.3.5
python3-urlgrabber: before 4.1.0-150400.3.3.1
python3-susemanager-retail: before 1.0.1658330139.861779d-150400.3.3.1
python3-spacewalk-client-tools: before 4.3.11-150400.3.3.4
python3-spacewalk-certs-tools: before 4.3.14-150400.3.3.2
optaplanner: before 7.17.0-150400.3.3.1
mvel2: before 2.2.6.Final-150400.3.3.1
kie-api: before 7.17.0-150400.3.3.1
jose4j: before 0.5.1-150400.3.3.1
jakarta-commons-validator: before 1.1.4-21.150400.21.3.4
image-sync-formula: before 0.1.1658330139.861779d-150400.3.3.1
drools: before 7.17.0-150400.3.3.1
apache-commons-math3: before 3.2-150400.3.3.1
apache-commons-csv: before 1.2-150400.3.3.1
susemanager-tools: before 4.3.18-150400.3.3.2
susemanager: before 4.3.18-150400.3.3.2
smdba: before 1.7.10-0.150400.4.3.1
reprepro-debugsource: before 5.3.0-150400.3.3.1
reprepro-debuginfo: before 5.3.0-150400.3.3.1
reprepro: before 5.3.0-150400.3.3.1
python3-uyuni-common-libs: before 4.3.5-150400.3.3.2
inter-server-sync-debuginfo: before 0.2.3-150400.3.3.1
inter-server-sync: before 0.2.3-150400.3.3.1
CPE2.3- cpe:2.3:o:suse:suse_manager_server:4.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_module_for_suse_manager_server:4.3:*:*:*:*:*:*:*
- cpe:2.3:a:suse:xmlpull-api:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:woodstox:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:virtual-host-gatherer-libcloud:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:virtual-host-gatherer-vmware:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:virtual-host-gatherer-nutanix:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:virtual-host-gatherer-kubernetes:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:virtual-host-gatherer:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:uyuni-config-modules:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:susemanager-sls:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:susemanager-schema-utility:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:susemanager-schema:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:susemanager-retail-tools:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:susemanager-docs_en-pdf:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:susemanager-docs_en:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:susemanager-build-keys-web:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:susemanager-build-keys:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:subscription-matcher:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-utils-extras:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-utils:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-taskomatic:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-setup:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-search:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-postgresql:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-java-postgresql:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-java-lib:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-java-config:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-java:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-html:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-config:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-client-tools:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-certs-tools:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-base-minimal-config:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-base-minimal:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-base:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-backend-xmlrpc:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-backend-xml-export-libs:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-backend-tools:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-backend-sql-postgresql:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-backend-sql:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-backend-server:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-backend-package-push-server:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-backend-iss-export:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-backend-iss:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-backend-config-files-tool:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-backend-config-files-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-backend-config-files:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-backend-applet:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-backend-app:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-backend:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacecmd:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:salt-netapi-client:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python3-urlgrabber:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python3-susemanager-retail:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python3-spacewalk-client-tools:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python3-spacewalk-certs-tools:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:optaplanner:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mvel2:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kie-api:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:jose4j:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:jakarta-commons-validator:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:image-sync-formula:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:drools:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:apache-commons-math3:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:apache-commons-csv:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:susemanager-tools:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:susemanager:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:smdba:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reprepro-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reprepro-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:reprepro:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python3-uyuni-common-libs:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:inter-server-sync-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:inter-server-sync:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20223194-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
