CVE-2022-31248

CWE-2043 documents3 sources

Severity

5.3MEDIUM

EPSS

0.2%

top 59.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Suse Suse Manager Server 4.1 Suse Suse Manager Server 4.2 Suse Manager Server

Timeline

PublishedJun 22

Latest updateJun 23

Description

A Observable Response Discrepancy vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to discover valid usernames. This issue affects: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46-1. SUSE Manager Server 4.2 spacewalk-java versions prior to 4.2.37-1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages3 packages

▶NVDsuse/manager_server4.1 — 4.1.46-1+1

▶CVEListV5suse/suse_manager_server_4.1spacewalk-java — 4.1.46-1

▶CVEListV5suse/suse_manager_server_4.2spacewalk-java — 4.2.37-1

🔴Vulnerability Details

GHSA

GHSA-jcvh-6rq4-c7xr: A Observable Response Discrepancy vulnerability in spacewalk-java of SUSE Manager Server 4↗2022-06-23

▶

CVEList

SUMA user enumeration via weak error message↗2022-06-22

▶