VDB

CVE-2022-31254

CVE-2022-31254 PUBLISHED CVSS 7.800000190734863 HIGH

A Incorrect Default Permissions vulnerability in rmt-server-regsharing service of SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Server for SAP 15-SP1, SUSE Manager Server 4.1; openSUSE Leap 15.3, openSUSE Leap 15.4 allows local attackers with access to the _rmt user to escalate to root. This issue affects: SUSE Linux Enterprise Server for SAP 15 rmt-server versions prior to 2.10. SUSE Linux Enterprise Server for SAP 15-SP1 rmt-server versions prior to 2.10. SUSE Manager Server 4.1 rmt-server versions prior to 2.10. openSUSE Leap 15.3 rmt-server versions prior to 2.10. openSUSE Leap 15.4 rmt-server versions prior to 2.10.

EPSS 0.05% · 14.5th percentile

Risk Scores

CVSS 3.1
7.800000190734863
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.05%
14.5th percentile

Affected Products

VendorProductVersions
SUSESUSE Linux Enterprise Server for SAP 15rmt-server
SUSESUSE Linux Enterprise Server for SAP 15-SP1rmt-server
opensusermt-server0
openSUSEopenSUSE Leap 15.3rmt-server
openSUSEopenSUSE Leap 15.4rmt-server
SUSESUSE Manager Server 4.1*

Exploit Intelligence

Timeline

  • Feb 7, 2023 CVE Published
  • Feb 8, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Mar 20, 2023 EPSS Score
  • Apr 29, 2023 EPSS Score
  • Jun 8, 2023 EPSS Score
  • Jul 18, 2023 EPSS Score
  • Aug 26, 2023 EPSS Score
  • Oct 5, 2023 EPSS Score
  • Nov 14, 2023 EPSS Score
  • Dec 24, 2023 EPSS Score
  • Feb 2, 2024 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›