LiveActive security incident?Get immediate response
CVE Record

CVE-2022-21952: SUMA unauthenticated remote DoS via resource exhaustion

A Missing Authentication for Critical Function vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to easily exhaust available disk resources leading to DoS. This issue affects: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46. SUSE Manager Server 4.2 spacewalk-java versions prior to 4.2.37.

HighCVSS 7.5Not KEV-listedUpdated
Glexia's TakeAutomated analysishigh

Security readout for executives and security teams

Plain-English summary

CVE-2022-21952 lets an unauthenticated remote attacker consume disk resources on affected SUSE Manager Server instances, causing a denial of service. The business impact is availability loss for systems management operations. There is no source-provided evidence of active exploitation or CISA KEV listing in the supplied data.

Executive priority

Treat as a high-priority availability risk for affected SUSE Manager environments. Prioritize patching if the server is network-exposed or operationally critical, because exploitation requires no authentication.

Technical view

The flaw is missing authentication for a critical function in SUSE Manager Server spacewalk-java. A remote, unauthenticated, low-complexity attacker can exhaust disk resources. Affected versions are SUSE Manager Server 4.1 spacewalk-java before 4.1.46 and SUSE Manager Server 4.2 spacewalk-java before 4.2.37. CVSS 3.1 score is 7.5, availability impact high.

Likely exposure

Exposure is limited to organizations running SUSE Manager Server 4.1 or 4.2 with vulnerable spacewalk-java versions reachable over a network. Internet-facing or broadly reachable management servers carry higher operational risk.

Exploitation context

The CVSS vector indicates network attack, no privileges, no user interaction, and low attack complexity. The supplied sources do not show active exploitation, public exploit availability, or KEV inclusion.

Researcher notes

Mapped weaknesses are CWE-306 and CWE-770. The core issue is unauthenticated access to functionality that can drive uncontrolled resource consumption. Evidence in the supplied bundle identifies affected branches and fixed package thresholds but does not include exploit details.

Mitigation direction

  • Upgrade SUSE Manager Server 4.1 spacewalk-java to 4.1.46 or later.
  • Upgrade SUSE Manager Server 4.2 spacewalk-java to 4.2.37 or later.
  • Review SUSE advisory or Bugzilla guidance for deployment-specific instructions.
  • Restrict network access to SUSE Manager Server until remediation is complete.

Validation and detection

  • Inventory SUSE Manager Server 4.1 and 4.2 deployments.
  • Check installed spacewalk-java package versions against fixed thresholds.
  • Confirm management interfaces are not unnecessarily exposed to untrusted networks.
  • Monitor disk utilization and service availability for abnormal resource consumption.
Prepared
Confidence
high
Sources
3

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cwe · medium confidence lookup

CWE-306: Credential and account abuse lookup

Authentication and credential weaknesses can make valid-account abuse and credential telemetry useful review starting points. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.

Open ATT&CK lookup
cwe · low confidence lookup

CWE-770: Exact CWE lookup

Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.

Open ATT&CK lookup
cve · low confidence lookup

CVE-2022-21952 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
High
CVSS
7.5 (3.1)
Known Exploited
No
Published

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

1CVSS vectors
3Timeline events
1ADP providers
2Source links

CVSS vector scores

1 official score

We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.

ScoreVersionSeverityVectorExploitImpactSource
7.5CVSS 3.1HighCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H3.93.6suse

Vulnerability scoring details

Base CVSS 3.1 score

7.5High
CVSS 3.1 vector shape for CVE-2022-21952Attack VectorAttack ComplexityPrivileges RequiredUser InteractionScopeConfidentiality ImpactIntegrity ImpactAvailability Impact

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector
NetworkAdjacentLocalPhysical
Attack Complexity
LowHigh
Privileges Required
NoneLowHigh
User Interaction
NoneRequired
Scope
ChangedUnchanged
Confidentiality Impact
HighLowNone
Integrity Impact
HighLowNone
Availability Impact
HighLowNone

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CVECVE Program Container

Source materials

Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
SUSESUSE Manager Server 4.1spacewalk-javaunaffected
SUSESUSE Manager Server 4.2spacewalk-javaunaffected
Weakness

CWE details

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.

CWE-306 · source CWE mapping

CWE mapping pending import

This CVE carries a CWE mapping that will resolve to a full Glexia CWE intelligence page after the official CWE import is complete.

CWE-770 · source CWE mapping

CWE mapping pending import

This CVE carries a CWE mapping that will resolve to a full Glexia CWE intelligence page after the official CWE import is complete.