CVE-2022-31254 — Vulnetix

Try Vulnetix Request Demo

CVE-2022-31254 PUBLISHED CVSS 7.800000190734863 HIGH

A Incorrect Default Permissions vulnerability in rmt-server-regsharing service of SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Server for SAP 15-SP1, SUSE Manager Server 4.1; openSUSE Leap 15.3, openSUSE Leap 15.4 allows local attackers with access to the _rmt user to escalate to root. This issue affects: SUSE Linux Enterprise Server for SAP 15 rmt-server versions prior to 2.10. SUSE Linux Enterprise Server for SAP 15-SP1 rmt-server versions prior to 2.10. SUSE Manager Server 4.1 rmt-server versions prior to 2.10. openSUSE Leap 15.3 rmt-server versions prior to 2.10. openSUSE Leap 15.4 rmt-server versions prior to 2.10.

EPSS 0.05% · 13.9th percentile

Risk Scores

CVSS v3.1

7.800000190734863

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.05%

13.9th percentile

Affected Products

Vendor	Product	Versions
SUSE	SUSE Linux Enterprise Server for SAP 15	rmt-server
SUSE	SUSE Linux Enterprise Server for SAP 15-SP1	rmt-server
opensuse	rmt-server	0
openSUSE	openSUSE Leap 15.3	rmt-server
openSUSE	openSUSE Leap 15.4	rmt-server
SUSE	SUSE Manager Server 4.1	rmt-server

Timeline

Feb 7, 2023 CVE Published
Feb 8, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 19, 2023 EPSS Score
Apr 28, 2023 EPSS Score
Jun 6, 2023 EPSS Score
Jul 15, 2023 EPSS Score
Aug 24, 2023 EPSS Score
Oct 2, 2023 EPSS Score
Nov 10, 2023 EPSS Score
Dec 19, 2023 EPSS Score
Jan 28, 2024 EPSS Score

References

Open in Interactive Console →