Search criteria
4 vulnerabilities found for Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE by SUSE
CVE-2025-46809 (GCVE-0-2025-46809)
Vulnerability from cvelistv5 – Published: 2025-07-31 15:24 – Updated: 2025-09-03 07:12
VLAI?
Summary
A Plaintext Storage of a Password vulnerability in SUSE exposes the credentials for the HTTP proxy in the log files. This issue affects Container suse/manager/4.3/proxy-httpd:4.3.16.9.67.1: from ? before 4.3.33-150400.3.55.2; Container suse/manager/5.0/x86_64/proxy-httpd:5.0.5.7.23.1: from ? before 5.0.14-150600.4.17.1; Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 5.0.14-150600.4.17.1; Image SLES15-SP4-Manager-Proxy-4-3-BYOS: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE: from ? before 4.3.33-150400.3.55.2; SUSE Manager Proxy Module 4.3: from ? before 4.3.33-150400.3.55.2; SUSE Manager Server Module 4.3: from ? before 4.3.33-150400.3.55.2.
Severity ?
5.7 (Medium)
CWE
- CWE-256 - Plaintext Storage of a Password
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| SUSE | Container suse/manager/4.3/proxy-httpd:4.3.16.9.67.1 |
Affected:
? , < 4.3.33-150400.3.55.2
(custom)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Oscar Barrios of SUSE
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-46809",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-31T20:08:05.402246Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-31T20:08:17.438Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "spacewalk-backend",
"product": "Container suse/manager/4.3/proxy-httpd:4.3.16.9.67.1",
"vendor": "SUSE",
"versions": [
{
"lessThan": "4.3.33-150400.3.55.2",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "spacewalk-backend",
"product": "Container suse/manager/5.0/x86_64/proxy-httpd:5.0.5.7.23.1",
"vendor": "SUSE",
"versions": [
{
"lessThan": "5.0.14-150600.4.17.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "spacewalk-backend",
"product": "Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1",
"vendor": "SUSE",
"versions": [
{
"lessThan": "5.0.14-150600.4.17.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "spacewalk-backend",
"product": "Image SLES15-SP4-Manager-Proxy-4-3-BYOS",
"vendor": "SUSE",
"versions": [
{
"lessThan": "4.3.33-150400.3.55.2",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "spacewalk-backend",
"product": "Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure",
"vendor": "SUSE",
"versions": [
{
"lessThan": "4.3.33-150400.3.55.2",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "spacewalk-backend",
"product": "Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2",
"vendor": "SUSE",
"versions": [
{
"lessThan": "4.3.33-150400.3.55.2",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "spacewalk-backend",
"product": "Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE",
"vendor": "SUSE",
"versions": [
{
"lessThan": "4.3.33-150400.3.55.2",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "spacewalk-backend",
"product": "Image SLES15-SP4-Manager-Server-4-3-BYOS",
"vendor": "SUSE",
"versions": [
{
"lessThan": "4.3.33-150400.3.55.2",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "spacewalk-backend",
"product": "Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure",
"vendor": "SUSE",
"versions": [
{
"lessThan": "4.3.33-150400.3.55.2",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "spacewalk-backend",
"product": "Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2",
"vendor": "SUSE",
"versions": [
{
"lessThan": "4.3.33-150400.3.55.2",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "spacewalk-backend",
"product": "Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE",
"vendor": "SUSE",
"versions": [
{
"lessThan": "4.3.33-150400.3.55.2",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "spacewalk-backend",
"product": "SUSE Manager Proxy Module 4.3",
"vendor": "SUSE",
"versions": [
{
"lessThan": "4.3.33-150400.3.55.2",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "spacewalk-backend",
"product": "SUSE Manager Server Module 4.3",
"vendor": "SUSE",
"versions": [
{
"lessThan": "4.3.33-150400.3.55.2",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Oscar Barrios of SUSE"
}
],
"datePublic": "2025-07-23T12:28:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Plaintext Storage of a Password vulnerability in SUSE exposes the credentials for the HTTP proxy in the log files.\u0026nbsp;\u003cp\u003eThis issue affects Container suse/manager/4.3/proxy-httpd:4.3.16.9.67.1: from ? before 4.3.33-150400.3.55.2; Container suse/manager/5.0/x86_64/proxy-httpd:5.0.5.7.23.1: from ? before 5.0.14-150600.4.17.1; Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 5.0.14-150600.4.17.1; Image SLES15-SP4-Manager-Proxy-4-3-BYOS: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE: from ? before 4.3.33-150400.3.55.2; SUSE Manager Proxy Module 4.3: from ? before 4.3.33-150400.3.55.2; SUSE Manager Server Module 4.3: from ? before 4.3.33-150400.3.55.2.\u003c/p\u003e"
}
],
"value": "A Plaintext Storage of a Password vulnerability in SUSE exposes the credentials for the HTTP proxy in the log files.\u00a0This issue affects Container suse/manager/4.3/proxy-httpd:4.3.16.9.67.1: from ? before 4.3.33-150400.3.55.2; Container suse/manager/5.0/x86_64/proxy-httpd:5.0.5.7.23.1: from ? before 5.0.14-150600.4.17.1; Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 5.0.14-150600.4.17.1; Image SLES15-SP4-Manager-Proxy-4-3-BYOS: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE: from ? before 4.3.33-150400.3.55.2; SUSE Manager Proxy Module 4.3: from ? before 4.3.33-150400.3.55.2; SUSE Manager Server Module 4.3: from ? before 4.3.33-150400.3.55.2."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-256",
"description": "CWE-256: Plaintext Storage of a Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-03T07:12:41.584Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-46809"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Multi Linux Manager epxoses the plain text HTTP Proxy user:password in logs",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2025-46809",
"datePublished": "2025-07-31T15:24:41.890Z",
"dateReserved": "2025-04-30T11:28:04.728Z",
"dateUpdated": "2025-09-03T07:12:41.584Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-46811 (GCVE-0-2025-46811)
Vulnerability from cvelistv5 – Published: 2025-07-30 14:20 – Updated: 2025-09-03 07:03
VLAI?
Summary
A Missing Authorization vulnerability in SUSE Linux Manager allows anyone with the ability to connect to port 443 of SUSE Manager is able to run any command as root on any client. This issue affects Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 5.0.27-150600.3.33.1; Image SLES15-SP4-Manager-Server-4-3-BYOS: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE: from ? before 4.3.87-150400.3.110.2; SUSE Manager Server Module 4.3: from ? before 4.3.87-150400.3.110.2.
Severity ?
9.8 (Critical)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| SUSE | Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1 |
Affected:
? , < 5.0.27-150600.3.33.1
(custom)
|
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
Credits
Simon Holl (MindBytes)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-46811",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-01T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-02T03:55:50.933Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "spacewalk-java",
"product": "Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1",
"vendor": "SUSE",
"versions": [
{
"lessThan": "5.0.27-150600.3.33.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "spacewalk-java",
"product": "Image SLES15-SP4-Manager-Server-4-3-BYOS",
"vendor": "SUSE",
"versions": [
{
"lessThan": "4.3.87-150400.3.110.2",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "spacewalk-java",
"product": "Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure",
"vendor": "SUSE",
"versions": [
{
"lessThan": "4.3.87-150400.3.110.2",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "spacewalk-java",
"product": "Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2",
"vendor": "SUSE",
"versions": [
{
"lessThan": "4.3.87-150400.3.110.2",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "spacewalk-java",
"product": "Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE",
"vendor": "SUSE",
"versions": [
{
"lessThan": "4.3.87-150400.3.110.2",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "spacewalk-java",
"product": "SUSE Manager Server Module 4.3",
"vendor": "SUSE",
"versions": [
{
"lessThan": "4.3.87-150400.3.110.2",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Simon Holl (MindBytes)"
}
],
"datePublic": "2025-07-23T12:25:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Missing Authorization vulnerability in SUSE Linux Manager allows anyone with the ability to connect to port 443 of SUSE Manager is able to run any command as root on any client.\u0026nbsp;\u003cp\u003eThis issue affects Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 5.0.27-150600.3.33.1; Image SLES15-SP4-Manager-Server-4-3-BYOS: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE: from ? before 4.3.87-150400.3.110.2; SUSE Manager Server Module 4.3: from ? before 4.3.87-150400.3.110.2.\u003c/p\u003e"
}
],
"value": "A Missing Authorization vulnerability in SUSE Linux Manager allows anyone with the ability to connect to port 443 of SUSE Manager is able to run any command as root on any client.\u00a0This issue affects Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 5.0.27-150600.3.33.1; Image SLES15-SP4-Manager-Server-4-3-BYOS: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE: from ? before 4.3.87-150400.3.110.2; SUSE Manager Server Module 4.3: from ? before 4.3.87-150400.3.110.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-03T07:03:41.669Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-46811"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SUSE Multi Linux Manager allows code execution via unprotected websocket endpoint",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2025-46811",
"datePublished": "2025-07-30T14:20:53.828Z",
"dateReserved": "2025-04-30T11:28:04.729Z",
"dateUpdated": "2025-09-03T07:03:41.669Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-46809 (GCVE-0-2025-46809)
Vulnerability from nvd – Published: 2025-07-31 15:24 – Updated: 2025-09-03 07:12
VLAI?
Summary
A Plaintext Storage of a Password vulnerability in SUSE exposes the credentials for the HTTP proxy in the log files. This issue affects Container suse/manager/4.3/proxy-httpd:4.3.16.9.67.1: from ? before 4.3.33-150400.3.55.2; Container suse/manager/5.0/x86_64/proxy-httpd:5.0.5.7.23.1: from ? before 5.0.14-150600.4.17.1; Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 5.0.14-150600.4.17.1; Image SLES15-SP4-Manager-Proxy-4-3-BYOS: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE: from ? before 4.3.33-150400.3.55.2; SUSE Manager Proxy Module 4.3: from ? before 4.3.33-150400.3.55.2; SUSE Manager Server Module 4.3: from ? before 4.3.33-150400.3.55.2.
Severity ?
5.7 (Medium)
CWE
- CWE-256 - Plaintext Storage of a Password
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| SUSE | Container suse/manager/4.3/proxy-httpd:4.3.16.9.67.1 |
Affected:
? , < 4.3.33-150400.3.55.2
(custom)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Oscar Barrios of SUSE
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-46809",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-31T20:08:05.402246Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-31T20:08:17.438Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "spacewalk-backend",
"product": "Container suse/manager/4.3/proxy-httpd:4.3.16.9.67.1",
"vendor": "SUSE",
"versions": [
{
"lessThan": "4.3.33-150400.3.55.2",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "spacewalk-backend",
"product": "Container suse/manager/5.0/x86_64/proxy-httpd:5.0.5.7.23.1",
"vendor": "SUSE",
"versions": [
{
"lessThan": "5.0.14-150600.4.17.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "spacewalk-backend",
"product": "Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1",
"vendor": "SUSE",
"versions": [
{
"lessThan": "5.0.14-150600.4.17.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "spacewalk-backend",
"product": "Image SLES15-SP4-Manager-Proxy-4-3-BYOS",
"vendor": "SUSE",
"versions": [
{
"lessThan": "4.3.33-150400.3.55.2",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "spacewalk-backend",
"product": "Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure",
"vendor": "SUSE",
"versions": [
{
"lessThan": "4.3.33-150400.3.55.2",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "spacewalk-backend",
"product": "Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2",
"vendor": "SUSE",
"versions": [
{
"lessThan": "4.3.33-150400.3.55.2",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "spacewalk-backend",
"product": "Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE",
"vendor": "SUSE",
"versions": [
{
"lessThan": "4.3.33-150400.3.55.2",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "spacewalk-backend",
"product": "Image SLES15-SP4-Manager-Server-4-3-BYOS",
"vendor": "SUSE",
"versions": [
{
"lessThan": "4.3.33-150400.3.55.2",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "spacewalk-backend",
"product": "Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure",
"vendor": "SUSE",
"versions": [
{
"lessThan": "4.3.33-150400.3.55.2",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "spacewalk-backend",
"product": "Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2",
"vendor": "SUSE",
"versions": [
{
"lessThan": "4.3.33-150400.3.55.2",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "spacewalk-backend",
"product": "Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE",
"vendor": "SUSE",
"versions": [
{
"lessThan": "4.3.33-150400.3.55.2",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "spacewalk-backend",
"product": "SUSE Manager Proxy Module 4.3",
"vendor": "SUSE",
"versions": [
{
"lessThan": "4.3.33-150400.3.55.2",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "spacewalk-backend",
"product": "SUSE Manager Server Module 4.3",
"vendor": "SUSE",
"versions": [
{
"lessThan": "4.3.33-150400.3.55.2",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Oscar Barrios of SUSE"
}
],
"datePublic": "2025-07-23T12:28:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Plaintext Storage of a Password vulnerability in SUSE exposes the credentials for the HTTP proxy in the log files.\u0026nbsp;\u003cp\u003eThis issue affects Container suse/manager/4.3/proxy-httpd:4.3.16.9.67.1: from ? before 4.3.33-150400.3.55.2; Container suse/manager/5.0/x86_64/proxy-httpd:5.0.5.7.23.1: from ? before 5.0.14-150600.4.17.1; Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 5.0.14-150600.4.17.1; Image SLES15-SP4-Manager-Proxy-4-3-BYOS: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE: from ? before 4.3.33-150400.3.55.2; SUSE Manager Proxy Module 4.3: from ? before 4.3.33-150400.3.55.2; SUSE Manager Server Module 4.3: from ? before 4.3.33-150400.3.55.2.\u003c/p\u003e"
}
],
"value": "A Plaintext Storage of a Password vulnerability in SUSE exposes the credentials for the HTTP proxy in the log files.\u00a0This issue affects Container suse/manager/4.3/proxy-httpd:4.3.16.9.67.1: from ? before 4.3.33-150400.3.55.2; Container suse/manager/5.0/x86_64/proxy-httpd:5.0.5.7.23.1: from ? before 5.0.14-150600.4.17.1; Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 5.0.14-150600.4.17.1; Image SLES15-SP4-Manager-Proxy-4-3-BYOS: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE: from ? before 4.3.33-150400.3.55.2; SUSE Manager Proxy Module 4.3: from ? before 4.3.33-150400.3.55.2; SUSE Manager Server Module 4.3: from ? before 4.3.33-150400.3.55.2."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-256",
"description": "CWE-256: Plaintext Storage of a Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-03T07:12:41.584Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-46809"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Multi Linux Manager epxoses the plain text HTTP Proxy user:password in logs",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2025-46809",
"datePublished": "2025-07-31T15:24:41.890Z",
"dateReserved": "2025-04-30T11:28:04.728Z",
"dateUpdated": "2025-09-03T07:12:41.584Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-46811 (GCVE-0-2025-46811)
Vulnerability from nvd – Published: 2025-07-30 14:20 – Updated: 2025-09-03 07:03
VLAI?
Summary
A Missing Authorization vulnerability in SUSE Linux Manager allows anyone with the ability to connect to port 443 of SUSE Manager is able to run any command as root on any client. This issue affects Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 5.0.27-150600.3.33.1; Image SLES15-SP4-Manager-Server-4-3-BYOS: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE: from ? before 4.3.87-150400.3.110.2; SUSE Manager Server Module 4.3: from ? before 4.3.87-150400.3.110.2.
Severity ?
9.8 (Critical)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| SUSE | Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1 |
Affected:
? , < 5.0.27-150600.3.33.1
(custom)
|
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
Credits
Simon Holl (MindBytes)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-46811",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-01T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-02T03:55:50.933Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "spacewalk-java",
"product": "Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1",
"vendor": "SUSE",
"versions": [
{
"lessThan": "5.0.27-150600.3.33.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "spacewalk-java",
"product": "Image SLES15-SP4-Manager-Server-4-3-BYOS",
"vendor": "SUSE",
"versions": [
{
"lessThan": "4.3.87-150400.3.110.2",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "spacewalk-java",
"product": "Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure",
"vendor": "SUSE",
"versions": [
{
"lessThan": "4.3.87-150400.3.110.2",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "spacewalk-java",
"product": "Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2",
"vendor": "SUSE",
"versions": [
{
"lessThan": "4.3.87-150400.3.110.2",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "spacewalk-java",
"product": "Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE",
"vendor": "SUSE",
"versions": [
{
"lessThan": "4.3.87-150400.3.110.2",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "spacewalk-java",
"product": "SUSE Manager Server Module 4.3",
"vendor": "SUSE",
"versions": [
{
"lessThan": "4.3.87-150400.3.110.2",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Simon Holl (MindBytes)"
}
],
"datePublic": "2025-07-23T12:25:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Missing Authorization vulnerability in SUSE Linux Manager allows anyone with the ability to connect to port 443 of SUSE Manager is able to run any command as root on any client.\u0026nbsp;\u003cp\u003eThis issue affects Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 5.0.27-150600.3.33.1; Image SLES15-SP4-Manager-Server-4-3-BYOS: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE: from ? before 4.3.87-150400.3.110.2; SUSE Manager Server Module 4.3: from ? before 4.3.87-150400.3.110.2.\u003c/p\u003e"
}
],
"value": "A Missing Authorization vulnerability in SUSE Linux Manager allows anyone with the ability to connect to port 443 of SUSE Manager is able to run any command as root on any client.\u00a0This issue affects Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 5.0.27-150600.3.33.1; Image SLES15-SP4-Manager-Server-4-3-BYOS: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE: from ? before 4.3.87-150400.3.110.2; SUSE Manager Server Module 4.3: from ? before 4.3.87-150400.3.110.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-03T07:03:41.669Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-46811"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SUSE Multi Linux Manager allows code execution via unprotected websocket endpoint",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2025-46811",
"datePublished": "2025-07-30T14:20:53.828Z",
"dateReserved": "2025-04-30T11:28:04.729Z",
"dateUpdated": "2025-09-03T07:03:41.669Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}