{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2022-21952","assignerOrgId":"404e59f5-483d-4b8a-8e7a-e67604dd8afb","assignerShortName":"suse","dateUpdated":"2026-07-07T09:28:04.536Z","dateReserved":"2021-12-16T00:00:00.000Z","datePublished":"2022-06-22T10:05:11.864Z"},"containers":{"cna":{"providerMetadata":{"orgId":"404e59f5-483d-4b8a-8e7a-e67604dd8afb","shortName":"suse","dateUpdated":"2026-07-07T09:28:04.536Z"},"title":"SUMA unauthenticated remote DoS via resource exhaustion","datePublic":"2022-06-19T22:00:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-306","description":"CWE-306: Missing Authentication for Critical Function","type":"CWE"}]},{"descriptions":[{"lang":"en","cweId":"CWE-770","description":"CWE-770: Allocation of Resources Without Limits or Throttling","type":"CWE"}]}],"affected":[{"vendor":"SUSE","product":"SUSE Manager Server 4.1","versions":[{"status":"affected","version":"spacewalk-java","lessThan":"4.1.46","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"SUSE","product":"SUSE Manager Server 4.2","versions":[{"status":"affected","version":"spacewalk-java","lessThan":"4.2.37","versionType":"custom"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"A Missing Authentication for Critical Function vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to easily exhaust available disk resources leading to DoS. This issue affects: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46. SUSE Manager Server 4.2 spacewalk-java versions prior to 4.2.37.","supportingMedia":[{"type":"text/html","base64":false,"value":"<p>A Missing Authentication for Critical Function vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to easily exhaust available disk resources leading to DoS. This issue affects: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46. SUSE Manager Server 4.2 spacewalk-java versions prior to 4.2.37.</p>"}]}],"references":[{"url":"https://bugzilla.suse.com/show_bug.cgi?id=1199512"}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV3_1":{"version":"3.1","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseSeverity":"HIGH","baseScore":7.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}}],"credits":[{"lang":"en","value":"Paolo Perego from SUSE","user":"00000000-0000-4000-9000-000000000000","type":"finder"}],"source":{"defect":["1199512"],"advisory":"https://bugzilla.suse.com/show_bug.cgi?id=1199512","discovery":"INTERNAL"},"x_generator":{"engine":"Vulnogram 0.0.9"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T03:00:54.521Z"},"title":"CVE Program Container","references":[{"url":"https://bugzilla.suse.com/show_bug.cgi?id=1199512","tags":["x_transferred"]}]}]}}