Lucene search

SuseCVELIST:CVE-2022-43754

HistoryNov 04, 2022 - 12:00 a.m.

CVE-2022-43754 SUMA/UYUNI reflected cross site scripting in /rhn/audit/scap/Search.do

2022-11-0400:00:00

CWE-79

suse

www.cve.org

cve-2022-43754

suma

uyuni

reflected cross site scripting

suse linux enterprise module for suse manager server 4.2

suse linux enterprise module for suse manager server 4.3

spacewalk

suse manager server 4.2

suse manager server 4.3

release notes

cve

2.6 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N

5.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.4%

JSON

An Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Module for SUSE Manager Server 4.3, SUSE Manager Server 4.2 allows remote attackers to embed Javascript code via /rhn/audit/scap/Search.do This issue affects: SUSE Linux Enterprise Module for SUSE Manager Server 4.2 hub-xmlrpc-api-0.7-150300.3.9.2, inter-server-sync-0.2.4-150300.8.25.2, locale-formula-0.3-150300.3.3.2, py27-compat-salt-3000.3-150300.7.7.26.2, python-urlgrabber-3.10.2.1py2_3-150300.3.3.2, spacecmd-4.2.20-150300.4.30.2, spacewalk-backend-4.2.25-150300.4.32.4, spacewalk-client-tools-4.2.21-150300.4.27.3, spacewalk-java-4.2.43-150300.3.48.2, spacewalk-utils-4.2.18-150300.3.21.2, spacewalk-web-4.2.30-150300.3.30.3, susemanager-4.2.38-150300.3.44.3, susemanager-doc-indexes-4.2-150300.12.36.3, susemanager-docs_en-4.2-150300.12.36.2, susemanager-schema-4.2.25-150300.3.30.3, susemanager-sls versions prior to 4.2.28. SUSE Linux Enterprise Module for SUSE Manager Server 4.3 spacewalk-java versions prior to 4.3.39. SUSE Manager Server 4.2 release-notes-susemanager versions prior to 4.2.10.

CNA Affected

[
  {
    "vendor": "SUSE",
    "product": "SUSE Linux Enterprise Module for SUSE Manager Server 4.2",
    "versions": [
      {
        "version": "hub-xmlrpc-api-0.7-150300.3.9.2, inter-server-sync-0.2.4-150300.8.25.2, locale-formula-0.3-150300.3.3.2, py27-compat-salt-3000.3-150300.7.7.26.2, python-urlgrabber-3.10.2.1py2_3-150300.3.3.2, spacecmd-4.2.20-150300.4.30.2, spacewalk-backend-4.2.25-150300.4.32.4, spacewalk-client-tools-4.2.21-150300.4.27.3, spacewalk-java-4.2.43-150300.3.48.2, spacewalk-utils-4.2.18-150300.3.21.2, spacewalk-web-4.2.30-150300.3.30.3, susemanager-4.2.38-150300.3.44.3, susemanager-doc-indexes-4.2-150300.12.36.3, susemanager-docs_en-4.2-150300.12.36.2, susemanager-schema-4.2.25-150300.3.30.3, susemanager-sls",
        "status": "affected",
        "lessThan": "4.2.28",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "SUSE",
    "product": "SUSE Linux Enterprise Module for SUSE Manager Server 4.3",
    "versions": [
      {
        "version": "spacewalk-java",
        "status": "affected",
        "lessThan": "4.3.39",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "SUSE",
    "product": "SUSE Manager Server 4.2",
    "versions": [
      {
        "version": "release-notes-susemanager",
        "status": "affected",
        "lessThan": "4.2.10",
        "versionType": "custom"
      }
    ]
  }
]

References

bugzilla.suse.com/show_bug.cgi?id=1204741

2.6 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N

5.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.4%

JSON

Related for CVELIST:CVE-2022-43754