CVE-2022-31248 - OpenCVE

A Observable Response Discrepancy vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to discover valid usernames. This issue affects: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46-1. SUSE Manager Server 4.2 spacewalk-java versions prior to 4.2.37-1.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Suse	Manager Server

Configuration 1 [-]

OR	cpe:2.3:a:suse:manager_server::::::::
	cpe:2.3:a:suse:manager_server::::::::

No data.

References

Link	Providers
https://bugzilla.suse.com/show_bug.cgi?id=1199629

History

No history.

MITRE

Status: PUBLISHED

Assigner: suse

Published: 2022-06-22T10:05:13.408202Z

Updated: 2024-09-16T16:22:26.146Z

Reserved: 2022-05-20T00:00:00

Link: CVE-2022-31248

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-06-22T10:15:08.023

Modified: 2022-06-30T04:05:45.743

Link: CVE-2022-31248

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "SUSE Manager Server 4.1", "vendor": "SUSE", "versions": [{"lessThan": "4.1.46-1", "status": "affected", "version": "spacewalk-java", "versionType": "custom"}]}, {"product": "SUSE Manager Server 4.2", "vendor": "SUSE", "versions": [{"lessThan": "4.2.37-1", "status": "affected", "version": "spacewalk-java", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Paolo Perego from SUSE"}], "datePublic": "2022-06-20T00:00:00", "descriptions": [{"lang": "en", "value": "A Observable Response Discrepancy vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to discover valid usernames. This issue affects: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46-1. SUSE Manager Server 4.2 spacewalk-java versions prior to 4.2.37-1."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-204", "description": "CWE-204: Observable Response Discrepancy", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-06-22T10:05:13", "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1199629"}], "source": {"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1199629", "defect": ["1199629"], "discovery": "INTERNAL"}, "title": "SUMA user enumeration via weak error message", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@suse.com", "DATE_PUBLIC": "2022-06-20T00:00:00.000Z", "ID": "CVE-2022-31248", "STATE": "PUBLIC", "TITLE": "SUMA user enumeration via weak error message"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SUSE Manager Server 4.1", "version": {"version_data": [{"version_affected": "<", "version_name": "spacewalk-java", "version_value": "4.1.46-1"}]}}, {"product_name": "SUSE Manager Server 4.2", "version": {"version_data": [{"version_affected": "<", "version_name": "spacewalk-java", "version_value": "4.2.37-1"}]}}]}, "vendor_name": "SUSE"}]}}, "credit": [{"lang": "eng", "value": "Paolo Perego from SUSE"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A Observable Response Discrepancy vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to discover valid usernames. This issue affects: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46-1. SUSE Manager Server 4.2 spacewalk-java versions prior to 4.2.37-1."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-204: Observable Response Discrepancy"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.suse.com/show_bug.cgi?id=1199629", "refsource": "CONFIRM", "url": "https://bugzilla.suse.com/show_bug.cgi?id=1199629"}]}, "source": {"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1199629", "defect": ["1199629"], "discovery": "INTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T07:11:39.904Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1199629"}]}]}, "cveMetadata": {"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "assignerShortName": "suse", "cveId": "CVE-2022-31248", "datePublished": "2022-06-22T10:05:13.408202Z", "dateReserved": "2022-05-20T00:00:00", "dateUpdated": "2024-09-16T16:22:26.146Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:suse:manager_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "F88A89E7-510A-4685-839A-E58C660A3F01", "versionEndExcluding": "4.1.46-1", "versionStartIncluding": "4.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:suse:manager_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "13969A6F-AEC7-474A-AB41-EE7E3C80BA6E", "versionEndExcluding": "4.2.37-1", "versionStartIncluding": "4.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A Observable Response Discrepancy vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to discover valid usernames. This issue affects: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46-1. SUSE Manager Server 4.2 spacewalk-java versions prior to 4.2.37-1."}, {"lang": "es", "value": "Una vulnerabilidad de discrepancia de respuesta observable en spacewalk-java de SUSE Manager Server versi\u00f3n 4.1, SUSE Manager Server versiones 4.2, permite a atacantes remotos detectar nombres de usuario v\u00e1lidos. Este problema afecta a: SUSE Manager Server versiones 4.1 spacewalk-java anteriores a 4.1.46-1. SUSE Manager Server versiones 4.2 spacewalk-java anteriores a la 4.2.37-1"}], "id": "CVE-2022-31248", "lastModified": "2022-06-30T04:05:45.743", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "meissner@suse.de", "type": "Secondary"}]}, "published": "2022-06-22T10:15:08.023", "references": [{"source": "meissner@suse.de", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1199629"}], "sourceIdentifier": "meissner@suse.de", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-204"}], "source": "meissner@suse.de", "type": "Primary"}]}