CVE-2022-21952: SUMA unauthenticated remote DoS via resource exhaustion
A Missing Authentication for Critical Function vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to easily exhaust available disk resources leading to DoS. This issue affects: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46. SUSE Manager Server 4.2 spacewalk-java versions prior to 4.2.37.
Security readout for executives and security teams
Plain-English summary
CVE-2022-21952 lets an unauthenticated remote attacker consume disk resources on affected SUSE Manager Server instances, causing a denial of service. The business impact is availability loss for systems management operations. There is no source-provided evidence of active exploitation or CISA KEV listing in the supplied data.
Executive priority
Treat as a high-priority availability risk for affected SUSE Manager environments. Prioritize patching if the server is network-exposed or operationally critical, because exploitation requires no authentication.
Technical view
The flaw is missing authentication for a critical function in SUSE Manager Server spacewalk-java. A remote, unauthenticated, low-complexity attacker can exhaust disk resources. Affected versions are SUSE Manager Server 4.1 spacewalk-java before 4.1.46 and SUSE Manager Server 4.2 spacewalk-java before 4.2.37. CVSS 3.1 score is 7.5, availability impact high.
Likely exposure
Exposure is limited to organizations running SUSE Manager Server 4.1 or 4.2 with vulnerable spacewalk-java versions reachable over a network. Internet-facing or broadly reachable management servers carry higher operational risk.
Exploitation context
The CVSS vector indicates network attack, no privileges, no user interaction, and low attack complexity. The supplied sources do not show active exploitation, public exploit availability, or KEV inclusion.
Researcher notes
Mapped weaknesses are CWE-306 and CWE-770. The core issue is unauthenticated access to functionality that can drive uncontrolled resource consumption. Evidence in the supplied bundle identifies affected branches and fixed package thresholds but does not include exploit details.
Mitigation direction
Upgrade SUSE Manager Server 4.1 spacewalk-java to 4.1.46 or later.
Upgrade SUSE Manager Server 4.2 spacewalk-java to 4.2.37 or later.
Review SUSE advisory or Bugzilla guidance for deployment-specific instructions.
Restrict network access to SUSE Manager Server until remediation is complete.
Validation and detection
Inventory SUSE Manager Server 4.1 and 4.2 deployments.
Check installed spacewalk-java package versions against fixed thresholds.
Confirm management interfaces are not unnecessarily exposed to untrusted networks.
Monitor disk utilization and service availability for abnormal resource consumption.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cwe · medium confidence lookup
CWE-306: Credential and account abuse lookup
Authentication and credential weaknesses can make valid-account abuse and credential telemetry useful review starting points. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
1CVSS vectors
3Timeline events
1ADP providers
2Source links
CVSS vector scores
1 official score
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.