{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2022-4223","title":"Title"},{"category":"description","text":"The pgAdmin server includes an HTTP API that is intended to be used to validate the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. The utility is executed by the server to determine what PostgreSQL version it is from. Versions of pgAdmin prior to 6.17 failed to properly secure this API, which could allow an unauthenticated user to call it with a path of their choosing, such as a UNC path to a server they control on a Windows machine. This would cause an appropriately named executable in the target path to be executed by the pgAdmin server.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2022-4223","url":"https://www.suse.com/security/cve/CVE-2022-4223"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1206144 for CVE-2022-4223","url":"https://bugzilla.suse.com/1206144"}],"title":"SUSE CVE CVE-2022-4223","tracking":{"current_release_date":"2025-10-07T02:03:42Z","generator":{"date":"2023-02-15T03:30:32Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2022-4223","initial_release_date":"2023-02-15T03:30:32Z","revision_history":[{"date":"2023-02-15T03:30:32Z","number":"2","summary":"Current version"},{"date":"2025-01-01T03:23:07Z","number":"3","summary":"Current version"},{"date":"2025-02-15T04:03:06Z","number":"4","summary":"Current version"},{"date":"2025-02-16T07:52:17Z","number":"5","summary":"Current version"},{"date":"2025-03-15T07:55:24Z","number":"6","summary":"Current version"},{"date":"2025-04-17T01:50:55Z","number":"7","summary":"Current version"},{"date":"2025-06-26T03:27:34Z","number":"8","summary":"Current version"},{"date":"2025-07-02T02:40:20Z","number":"9","summary":"Current version"},{"date":"2025-10-07T02:03:42Z","number":"10","summary":"Current version"}],"status":"interim","version":"10"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_name","name":"SUSE CaaS Platform 4.0","product":{"name":"SUSE CaaS Platform 4.0","product_id":"SUSE CaaS Platform 4.0","product_identification_helper":{"cpe":"cpe:/o:suse:caasp:4.0"}}},{"category":"product_name","name":"SUSE Enterprise Storage 6","product":{"name":"SUSE Enterprise Storage 6","product_id":"SUSE Enterprise Storage 6","product_identification_helper":{"cpe":"cpe:/o:suse:ses:6"}}},{"category":"product_name","name":"SUSE Enterprise Storage 7","product":{"name":"SUSE Enterprise Storage 7","product_id":"SUSE Enterprise Storage 7","product_identification_helper":{"cpe":"cpe:/o:suse:ses:7"}}},{"category":"product_name","name":"SUSE Enterprise Storage 7.1","product":{"name":"SUSE Enterprise Storage 7.1","product_id":"SUSE Enterprise Storage 7.1","product_identification_helper":{"cpe":"cpe:/o:suse:ses:7.1"}}},{"category":"product_name","name":"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS","product":{"name":"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS","product_identification_helper":{"cpe":"cpe:/o:suse:sle_hpc-ltss:15:sp1"}}},{"category":"product_name","name":"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS","product":{"name":"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS","product_identification_helper":{"cpe":"cpe:/o:suse:sle_hpc-ltss:15:sp2"}}},{"category":"product_name","name":"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS","product":{"name":"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS","product_identification_helper":{"cpe":"cpe:/o:suse:sle_hpc-espos:15:sp3"}}},{"category":"product_name","name":"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS","product":{"name":"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS","product_identification_helper":{"cpe":"cpe:/o:suse:sle_hpc-ltss:15:sp3"}}},{"category":"product_name","name":"SUSE Linux Enterprise High Performance Computing 15 SP4","product":{"name":"SUSE Linux Enterprise High Performance Computing 15 SP4","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP4","product_identification_helper":{"cpe":"cpe:/o:suse:sle_hpc:15:sp4"}}},{"category":"product_name","name":"SUSE Linux Enterprise Module for Server Applications 15 SP4","product":{"name":"SUSE Linux Enterprise Module for Server Applications 15 SP4","product_id":"SUSE Linux Enterprise Module for Server Applications 15 SP4","product_identification_helper":{"cpe":"cpe:/o:suse:sle-module-server-applications:15:sp4"}}},{"category":"product_name","name":"SUSE Linux Enterprise Real Time 15 SP3","product":{"name":"SUSE Linux Enterprise Real Time 15 SP3","product_id":"SUSE Linux Enterprise Real Time 15 SP3","product_identification_helper":{"cpe":"cpe:/o:suse:sle_rt:15:sp3"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 15 SP1-LTSS","product":{"name":"SUSE Linux Enterprise Server 15 SP1-LTSS","product_id":"SUSE Linux Enterprise Server 15 SP1-LTSS","product_identification_helper":{"cpe":"cpe:/o:suse:sles-ltss:15:sp1"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 15 SP2-LTSS","product":{"name":"SUSE Linux Enterprise Server 15 SP2-LTSS","product_id":"SUSE Linux Enterprise Server 15 SP2-LTSS","product_identification_helper":{"cpe":"cpe:/o:suse:sles-ltss:15:sp2"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 15 SP4","product":{"name":"SUSE Linux Enterprise Server 15 SP4","product_id":"SUSE Linux Enterprise Server 15 SP4","product_identification_helper":{"cpe":"cpe:/o:suse:sles:15:sp4"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 15 SP1","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 15 SP1","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP1","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:15:sp1"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 15 SP2","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 15 SP2","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP2","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:15:sp2"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 15 SP3","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 15 SP3","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP3","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:15:sp3"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 15 SP4","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 15 SP4","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP4","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:15:sp4"}}},{"category":"product_name","name":"SUSE Manager Proxy 4.2","product":{"name":"SUSE Manager Proxy 4.2","product_id":"SUSE Manager Proxy 4.2","product_identification_helper":{"cpe":"cpe:/o:suse:suse-manager-proxy:4.2"}}},{"category":"product_name","name":"SUSE Manager Proxy 4.3","product":{"name":"SUSE Manager Proxy 4.3","product_id":"SUSE Manager Proxy 4.3","product_identification_helper":{"cpe":"cpe:/o:suse:suse-manager-proxy:4.3"}}},{"category":"product_name","name":"SUSE Manager Retail Branch Server 4.2","product":{"name":"SUSE Manager Retail Branch Server 4.2","product_id":"SUSE Manager Retail Branch Server 4.2","product_identification_helper":{"cpe":"cpe:/o:suse:suse-manager-retail-branch-server:4.2"}}},{"category":"product_name","name":"SUSE Manager Retail Branch Server 4.3","product":{"name":"SUSE Manager Retail Branch Server 4.3","product_id":"SUSE Manager Retail Branch Server 4.3","product_identification_helper":{"cpe":"cpe:/o:suse:suse-manager-retail-branch-server:4.3"}}},{"category":"product_name","name":"SUSE Manager Server 4.2","product":{"name":"SUSE Manager Server 4.2","product_id":"SUSE Manager Server 4.2","product_identification_helper":{"cpe":"cpe:/o:suse:suse-manager-server:4.2"}}},{"category":"product_name","name":"SUSE Manager Server 4.3","product":{"name":"SUSE Manager Server 4.3","product_id":"SUSE Manager Server 4.3","product_identification_helper":{"cpe":"cpe:/o:suse:suse-manager-server:4.3"}}},{"category":"product_version","name":"pgadmin4","product":{"name":"pgadmin4","product_id":"pgadmin4","product_identification_helper":{"cpe":"cpe:2.3:a:postgresql:pgadmin_4:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/pgadmin4@?upstream=pgadmin4.src.rpm"}}},{"category":"product_version","name":"pgadmin4-doc","product":{"name":"pgadmin4-doc","product_id":"pgadmin4-doc","product_identification_helper":{"cpe":"cpe:2.3:a:postgresql:pgadmin_4:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/pgadmin4-doc@?upstream=pgadmin4.src.rpm"}}},{"category":"product_version","name":"pgadmin4-web","product":{"name":"pgadmin4-web","product_id":"pgadmin4-web","product_identification_helper":{"cpe":"cpe:2.3:a:postgresql:pgadmin_4:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/pgadmin4-web@?upstream=pgadmin4.src.rpm"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"pgadmin4 as component of SUSE CaaS Platform 4.0","product_id":"SUSE CaaS Platform 4.0:pgadmin4"},"product_reference":"pgadmin4","relates_to_product_reference":"SUSE CaaS Platform 4.0"},{"category":"default_component_of","full_product_name":{"name":"pgadmin4-doc as component of SUSE CaaS Platform 4.0","product_id":"SUSE CaaS Platform 4.0:pgadmin4-doc"},"product_reference":"pgadmin4-doc","relates_to_product_reference":"SUSE CaaS Platform 4.0"},{"category":"default_component_of","full_product_name":{"name":"pgadmin4-web as component of SUSE CaaS Platform 4.0","product_id":"SUSE CaaS Platform 4.0:pgadmin4-web"},"product_reference":"pgadmin4-web","relates_to_product_reference":"SUSE CaaS Platform 4.0"},{"category":"default_component_of","full_product_name":{"name":"pgadmin4 as component of SUSE Enterprise Storage 6","product_id":"SUSE Enterprise Storage 6:pgadmin4"},"product_reference":"pgadmin4","relates_to_product_reference":"SUSE Enterprise Storage 6"},{"category":"default_component_of","full_product_name":{"name":"pgadmin4 as component of SUSE Enterprise Storage 7","product_id":"SUSE Enterprise Storage 7:pgadmin4"},"product_reference":"pgadmin4","relates_to_product_reference":"SUSE Enterprise Storage 7"},{"category":"default_component_of","full_product_name":{"name":"pgadmin4 as component of SUSE Enterprise Storage 7.1","product_id":"SUSE Enterprise Storage 7.1:pgadmin4"},"product_reference":"pgadmin4","relates_to_product_reference":"SUSE Enterprise Storage 7.1"},{"category":"default_component_of","full_product_name":{"name":"pgadmin4-doc as component of SUSE Enterprise Storage 7.1","product_id":"SUSE Enterprise Storage 7.1:pgadmin4-doc"},"product_reference":"pgadmin4-doc","relates_to_product_reference":"SUSE Enterprise Storage 7.1"},{"category":"default_component_of","full_product_name":{"name":"pgadmin4-web as component of SUSE Enterprise Storage 7.1","product_id":"SUSE Enterprise Storage 7.1:pgadmin4-web"},"product_reference":"pgadmin4-web","relates_to_product_reference":"SUSE Enterprise Storage 7.1"},{"category":"default_component_of","full_product_name":{"name":"pgadmin4 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:pgadmin4"},"product_reference":"pgadmin4","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"},{"category":"default_component_of","full_product_name":{"name":"pgadmin4-doc as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:pgadmin4-doc"},"product_reference":"pgadmin4-doc","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"},{"category":"default_component_of","full_product_name":{"name":"pgadmin4-web as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:pgadmin4-web"},"product_reference":"pgadmin4-web","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"},{"category":"default_component_of","full_product_name":{"name":"pgadmin4 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:pgadmin4"},"product_reference":"pgadmin4","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"},{"category":"default_component_of","full_product_name":{"name":"pgadmin4-doc as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:pgadmin4-doc"},"product_reference":"pgadmin4-doc","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"},{"category":"default_component_of","full_product_name":{"name":"pgadmin4-web as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:pgadmin4-web"},"product_reference":"pgadmin4-web","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"},{"category":"default_component_of","full_product_name":{"name":"pgadmin4 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:pgadmin4"},"product_reference":"pgadmin4","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS"},{"category":"default_component_of","full_product_name":{"name":"pgadmin4-doc as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:pgadmin4-doc"},"product_reference":"pgadmin4-doc","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS"},{"category":"default_component_of","full_product_name":{"name":"pgadmin4-web as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:pgadmin4-web"},"product_reference":"pgadmin4-web","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS"},{"category":"default_component_of","full_product_name":{"name":"pgadmin4 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4"},"product_reference":"pgadmin4","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"},{"category":"default_component_of","full_product_name":{"name":"pgadmin4-doc as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-doc"},"product_reference":"pgadmin4-doc","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"},{"category":"default_component_of","full_product_name":{"name":"pgadmin4-web as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-web"},"product_reference":"pgadmin4-web","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"},{"category":"default_component_of","full_product_name":{"name":"pgadmin4 as component of SUSE Linux Enterprise Server 15 SP4","product_id":"SUSE Linux Enterprise Server 15 SP4:pgadmin4"},"product_reference":"pgadmin4","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP4"},{"category":"default_component_of","full_product_name":{"name":"pgadmin4-doc as component of SUSE Linux Enterprise Server 15 SP4","product_id":"SUSE Linux Enterprise Server 15 SP4:pgadmin4-doc"},"product_reference":"pgadmin4-doc","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP4"},{"category":"default_component_of","full_product_name":{"name":"pgadmin4-web as component of SUSE Linux Enterprise Server 15 SP4","product_id":"SUSE Linux Enterprise Server 15 SP4:pgadmin4-web"},"product_reference":"pgadmin4-web","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP4"},{"category":"default_component_of","full_product_name":{"name":"pgadmin4 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4"},"product_reference":"pgadmin4","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15 SP4"},{"category":"default_component_of","full_product_name":{"name":"pgadmin4-doc as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-doc"},"product_reference":"pgadmin4-doc","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15 SP4"},{"category":"default_component_of","full_product_name":{"name":"pgadmin4-web as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-web"},"product_reference":"pgadmin4-web","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15 SP4"},{"category":"default_component_of","full_product_name":{"name":"pgadmin4 as component of SUSE Linux Enterprise High Performance Computing 15 SP4","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP4:pgadmin4"},"product_reference":"pgadmin4","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP4"},{"category":"default_component_of","full_product_name":{"name":"pgadmin4-doc as component of SUSE Linux Enterprise High Performance Computing 15 SP4","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP4:pgadmin4-doc"},"product_reference":"pgadmin4-doc","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP4"},{"category":"default_component_of","full_product_name":{"name":"pgadmin4-web as component of SUSE Linux Enterprise High Performance Computing 15 SP4","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP4:pgadmin4-web"},"product_reference":"pgadmin4-web","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP4"},{"category":"default_component_of","full_product_name":{"name":"pgadmin4 as component of SUSE Manager Server 4.3","product_id":"SUSE Manager Server 4.3:pgadmin4"},"product_reference":"pgadmin4","relates_to_product_reference":"SUSE Manager Server 4.3"},{"category":"default_component_of","full_product_name":{"name":"pgadmin4-doc as component of SUSE Manager Server 4.3","product_id":"SUSE Manager Server 4.3:pgadmin4-doc"},"product_reference":"pgadmin4-doc","relates_to_product_reference":"SUSE Manager Server 4.3"},{"category":"default_component_of","full_product_name":{"name":"pgadmin4-web as component of SUSE Manager Server 4.3","product_id":"SUSE Manager Server 4.3:pgadmin4-web"},"product_reference":"pgadmin4-web","relates_to_product_reference":"SUSE Manager Server 4.3"},{"category":"default_component_of","full_product_name":{"name":"pgadmin4 as component of SUSE Manager Proxy 4.3","product_id":"SUSE Manager Proxy 4.3:pgadmin4"},"product_reference":"pgadmin4","relates_to_product_reference":"SUSE Manager Proxy 4.3"},{"category":"default_component_of","full_product_name":{"name":"pgadmin4-doc as component of SUSE Manager Proxy 4.3","product_id":"SUSE Manager Proxy 4.3:pgadmin4-doc"},"product_reference":"pgadmin4-doc","relates_to_product_reference":"SUSE Manager Proxy 4.3"},{"category":"default_component_of","full_product_name":{"name":"pgadmin4-web as component of SUSE Manager Proxy 4.3","product_id":"SUSE Manager Proxy 4.3:pgadmin4-web"},"product_reference":"pgadmin4-web","relates_to_product_reference":"SUSE Manager Proxy 4.3"},{"category":"default_component_of","full_product_name":{"name":"pgadmin4 as component of SUSE Manager Retail Branch Server 4.3","product_id":"SUSE Manager Retail Branch Server 4.3:pgadmin4"},"product_reference":"pgadmin4","relates_to_product_reference":"SUSE Manager Retail Branch Server 4.3"},{"category":"default_component_of","full_product_name":{"name":"pgadmin4-doc as component of SUSE Manager Retail Branch Server 4.3","product_id":"SUSE Manager Retail Branch Server 4.3:pgadmin4-doc"},"product_reference":"pgadmin4-doc","relates_to_product_reference":"SUSE Manager Retail Branch Server 4.3"},{"category":"default_component_of","full_product_name":{"name":"pgadmin4-web as component of SUSE Manager Retail Branch Server 4.3","product_id":"SUSE Manager Retail Branch Server 4.3:pgadmin4-web"},"product_reference":"pgadmin4-web","relates_to_product_reference":"SUSE Manager Retail Branch Server 4.3"},{"category":"default_component_of","full_product_name":{"name":"pgadmin4 as component of SUSE Linux Enterprise Module for Server Applications 15 SP4","product_id":"SUSE Linux Enterprise Module for Server Applications 15 SP4:pgadmin4"},"product_reference":"pgadmin4","relates_to_product_reference":"SUSE Linux Enterprise Module for Server Applications 15 SP4"},{"category":"default_component_of","full_product_name":{"name":"pgadmin4-doc as component of SUSE Linux Enterprise Module for Server Applications 15 SP4","product_id":"SUSE Linux Enterprise Module for Server Applications 15 SP4:pgadmin4-doc"},"product_reference":"pgadmin4-doc","relates_to_product_reference":"SUSE Linux Enterprise Module for Server Applications 15 SP4"},{"category":"default_component_of","full_product_name":{"name":"pgadmin4-web as component of SUSE Linux Enterprise Module for Server Applications 15 SP4","product_id":"SUSE Linux Enterprise Module for Server Applications 15 SP4:pgadmin4-web"},"product_reference":"pgadmin4-web","relates_to_product_reference":"SUSE Linux Enterprise Module for Server Applications 15 SP4"},{"category":"default_component_of","full_product_name":{"name":"pgadmin4 as component of SUSE Linux Enterprise Real Time 15 SP3","product_id":"SUSE Linux Enterprise Real Time 15 SP3:pgadmin4"},"product_reference":"pgadmin4","relates_to_product_reference":"SUSE Linux Enterprise Real Time 15 SP3"},{"category":"default_component_of","full_product_name":{"name":"pgadmin4-doc as component of SUSE Linux Enterprise Real Time 15 SP3","product_id":"SUSE Linux Enterprise Real Time 15 SP3:pgadmin4-doc"},"product_reference":"pgadmin4-doc","relates_to_product_reference":"SUSE Linux Enterprise Real Time 15 SP3"},{"category":"default_component_of","full_product_name":{"name":"pgadmin4-web as component of SUSE Linux Enterprise Real Time 15 SP3","product_id":"SUSE Linux Enterprise Real Time 15 SP3:pgadmin4-web"},"product_reference":"pgadmin4-web","relates_to_product_reference":"SUSE Linux Enterprise Real Time 15 SP3"},{"category":"default_component_of","full_product_name":{"name":"pgadmin4 as component of SUSE Linux Enterprise Server 15 SP1-LTSS","product_id":"SUSE Linux Enterprise Server 15 SP1-LTSS:pgadmin4"},"product_reference":"pgadmin4","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP1-LTSS"},{"category":"default_component_of","full_product_name":{"name":"pgadmin4-doc as component of SUSE Linux Enterprise Server 15 SP1-LTSS","product_id":"SUSE Linux Enterprise Server 15 SP1-LTSS:pgadmin4-doc"},"product_reference":"pgadmin4-doc","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP1-LTSS"},{"category":"default_component_of","full_product_name":{"name":"pgadmin4-web as component of SUSE Linux Enterprise Server 15 SP1-LTSS","product_id":"SUSE Linux Enterprise Server 15 SP1-LTSS:pgadmin4-web"},"product_reference":"pgadmin4-web","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP1-LTSS"},{"category":"default_component_of","full_product_name":{"name":"pgadmin4 as component of SUSE Linux Enterprise Server 15 SP2-LTSS","product_id":"SUSE Linux Enterprise Server 15 SP2-LTSS:pgadmin4"},"product_reference":"pgadmin4","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP2-LTSS"},{"category":"default_component_of","full_product_name":{"name":"pgadmin4-doc as component of SUSE Linux Enterprise Server 15 SP2-LTSS","product_id":"SUSE Linux Enterprise Server 15 SP2-LTSS:pgadmin4-doc"},"product_reference":"pgadmin4-doc","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP2-LTSS"},{"category":"default_component_of","full_product_name":{"name":"pgadmin4-web as component of SUSE Linux Enterprise Server 15 SP2-LTSS","product_id":"SUSE Linux Enterprise Server 15 SP2-LTSS:pgadmin4-web"},"product_reference":"pgadmin4-web","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP2-LTSS"},{"category":"default_component_of","full_product_name":{"name":"pgadmin4 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP1:pgadmin4"},"product_reference":"pgadmin4","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15 SP1"},{"category":"default_component_of","full_product_name":{"name":"pgadmin4-doc as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP1:pgadmin4-doc"},"product_reference":"pgadmin4-doc","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15 SP1"},{"category":"default_component_of","full_product_name":{"name":"pgadmin4-web as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP1:pgadmin4-web"},"product_reference":"pgadmin4-web","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15 SP1"},{"category":"default_component_of","full_product_name":{"name":"pgadmin4 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP2:pgadmin4"},"product_reference":"pgadmin4","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"pgadmin4-doc as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP2:pgadmin4-doc"},"product_reference":"pgadmin4-doc","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"pgadmin4-web as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP2:pgadmin4-web"},"product_reference":"pgadmin4-web","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"pgadmin4 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4"},"product_reference":"pgadmin4","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15 SP3"},{"category":"default_component_of","full_product_name":{"name":"pgadmin4-doc as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-doc"},"product_reference":"pgadmin4-doc","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15 SP3"},{"category":"default_component_of","full_product_name":{"name":"pgadmin4-web as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-web"},"product_reference":"pgadmin4-web","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15 SP3"},{"category":"default_component_of","full_product_name":{"name":"pgadmin4 as component of SUSE Manager Proxy 4.2","product_id":"SUSE Manager Proxy 4.2:pgadmin4"},"product_reference":"pgadmin4","relates_to_product_reference":"SUSE Manager Proxy 4.2"},{"category":"default_component_of","full_product_name":{"name":"pgadmin4-doc as component of SUSE Manager Proxy 4.2","product_id":"SUSE Manager Proxy 4.2:pgadmin4-doc"},"product_reference":"pgadmin4-doc","relates_to_product_reference":"SUSE Manager Proxy 4.2"},{"category":"default_component_of","full_product_name":{"name":"pgadmin4-web as component of SUSE Manager Proxy 4.2","product_id":"SUSE Manager Proxy 4.2:pgadmin4-web"},"product_reference":"pgadmin4-web","relates_to_product_reference":"SUSE Manager Proxy 4.2"},{"category":"default_component_of","full_product_name":{"name":"pgadmin4 as component of SUSE Manager Retail Branch Server 4.2","product_id":"SUSE Manager Retail Branch Server 4.2:pgadmin4"},"product_reference":"pgadmin4","relates_to_product_reference":"SUSE Manager Retail Branch Server 4.2"},{"category":"default_component_of","full_product_name":{"name":"pgadmin4-doc as component of SUSE Manager Retail Branch Server 4.2","product_id":"SUSE Manager Retail Branch Server 4.2:pgadmin4-doc"},"product_reference":"pgadmin4-doc","relates_to_product_reference":"SUSE Manager Retail Branch Server 4.2"},{"category":"default_component_of","full_product_name":{"name":"pgadmin4-web as component of SUSE Manager Retail Branch Server 4.2","product_id":"SUSE Manager Retail Branch Server 4.2:pgadmin4-web"},"product_reference":"pgadmin4-web","relates_to_product_reference":"SUSE Manager Retail Branch Server 4.2"},{"category":"default_component_of","full_product_name":{"name":"pgadmin4 as component of SUSE Manager Server 4.2","product_id":"SUSE Manager Server 4.2:pgadmin4"},"product_reference":"pgadmin4","relates_to_product_reference":"SUSE Manager Server 4.2"},{"category":"default_component_of","full_product_name":{"name":"pgadmin4-doc as component of SUSE Manager Server 4.2","product_id":"SUSE Manager Server 4.2:pgadmin4-doc"},"product_reference":"pgadmin4-doc","relates_to_product_reference":"SUSE Manager Server 4.2"},{"category":"default_component_of","full_product_name":{"name":"pgadmin4-web as component of SUSE Manager Server 4.2","product_id":"SUSE Manager Server 4.2:pgadmin4-web"},"product_reference":"pgadmin4-web","relates_to_product_reference":"SUSE Manager Server 4.2"}]},"vulnerabilities":[{"cve":"CVE-2022-4223","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2022-4223"}],"notes":[{"category":"general","text":"The pgAdmin server includes an HTTP API that is intended to be used to validate the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. The utility is executed by the server to determine what PostgreSQL version it is from. Versions of pgAdmin prior to 6.17 failed to properly secure this API, which could allow an unauthenticated user to call it with a path of their choosing, such as a UNC path to a server they control on a Windows machine. This would cause an appropriately named executable in the target path to be executed by the pgAdmin server.","title":"CVE description"}],"product_status":{"known_not_affected":["SUSE CaaS Platform 4.0:pgadmin4","SUSE CaaS Platform 4.0:pgadmin4-doc","SUSE CaaS Platform 4.0:pgadmin4-web","SUSE Enterprise Storage 6:pgadmin4","SUSE Enterprise Storage 7.1:pgadmin4","SUSE Enterprise Storage 7.1:pgadmin4-doc","SUSE Enterprise Storage 7.1:pgadmin4-web","SUSE Enterprise Storage 7:pgadmin4","SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:pgadmin4","SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:pgadmin4-doc","SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:pgadmin4-web","SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:pgadmin4","SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:pgadmin4-doc","SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:pgadmin4-web","SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:pgadmin4","SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:pgadmin4-doc","SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:pgadmin4-web","SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4","SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-doc","SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-web","SUSE Linux Enterprise High Performance Computing 15 SP4:pgadmin4","SUSE Linux Enterprise High Performance Computing 15 SP4:pgadmin4-doc","SUSE Linux Enterprise High Performance Computing 15 SP4:pgadmin4-web","SUSE Linux Enterprise Module for Server Applications 15 SP4:pgadmin4","SUSE Linux Enterprise Module for Server Applications 15 SP4:pgadmin4-doc","SUSE Linux Enterprise Module for Server Applications 15 SP4:pgadmin4-web","SUSE Linux Enterprise Real Time 15 SP3:pgadmin4","SUSE Linux Enterprise Real Time 15 SP3:pgadmin4-doc","SUSE Linux Enterprise Real Time 15 SP3:pgadmin4-web","SUSE Linux Enterprise Server 15 SP1-LTSS:pgadmin4","SUSE Linux Enterprise Server 15 SP1-LTSS:pgadmin4-doc","SUSE Linux Enterprise Server 15 SP1-LTSS:pgadmin4-web","SUSE Linux Enterprise Server 15 SP2-LTSS:pgadmin4","SUSE Linux Enterprise Server 15 SP2-LTSS:pgadmin4-doc","SUSE Linux Enterprise Server 15 SP2-LTSS:pgadmin4-web","SUSE Linux Enterprise Server 15 SP4:pgadmin4","SUSE Linux Enterprise Server 15 SP4:pgadmin4-doc","SUSE Linux Enterprise Server 15 SP4:pgadmin4-web","SUSE Linux Enterprise Server for SAP Applications 15 SP1:pgadmin4","SUSE Linux Enterprise Server for SAP Applications 15 SP1:pgadmin4-doc","SUSE Linux Enterprise Server for SAP Applications 15 SP1:pgadmin4-web","SUSE Linux Enterprise Server for SAP Applications 15 SP2:pgadmin4","SUSE Linux Enterprise Server for SAP Applications 15 SP2:pgadmin4-doc","SUSE Linux Enterprise Server for SAP Applications 15 SP2:pgadmin4-web","SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4","SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-doc","SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-web","SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4","SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-doc","SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-web","SUSE Manager Proxy 4.2:pgadmin4","SUSE Manager Proxy 4.2:pgadmin4-doc","SUSE Manager Proxy 4.2:pgadmin4-web","SUSE Manager Proxy 4.3:pgadmin4","SUSE Manager Proxy 4.3:pgadmin4-doc","SUSE Manager Proxy 4.3:pgadmin4-web","SUSE Manager Retail Branch Server 4.2:pgadmin4","SUSE Manager Retail Branch Server 4.2:pgadmin4-doc","SUSE Manager Retail Branch Server 4.2:pgadmin4-web","SUSE Manager Retail Branch Server 4.3:pgadmin4","SUSE Manager Retail Branch Server 4.3:pgadmin4-doc","SUSE Manager Retail Branch Server 4.3:pgadmin4-web","SUSE Manager Server 4.2:pgadmin4","SUSE Manager Server 4.2:pgadmin4-doc","SUSE Manager Server 4.2:pgadmin4-web","SUSE Manager Server 4.3:pgadmin4","SUSE Manager Server 4.3:pgadmin4-doc","SUSE Manager Server 4.3:pgadmin4-web"]},"references":[{"category":"external","summary":"CVE-2022-4223","url":"https://www.suse.com/security/cve/CVE-2022-4223"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1206144 for CVE-2022-4223","url":"https://bugzilla.suse.com/1206144"}],"threats":[{"category":"impact","date":"2022-12-07T06:00:33Z","details":"important"}],"title":"CVE-2022-4223"}]}