CVE-2025-46809
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
Summary
A Plaintext Storage of a Password vulnerability in SUSE exposes the credentials for the HTTP proxy in the log files. This issue affects Container suse/manager/4.3/proxy-httpd:4.3.16.9.67.1: from ? before 4.3.33-150400.3.55.2; Container suse/manager/5.0/x86_64/proxy-httpd:5.0.5.7.23.1: from ? before 5.0.14-150600.4.17.1; Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 5.0.14-150600.4.17.1; Image SLES15-SP4-Manager-Proxy-4-3-BYOS: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE: from ? before 4.3.33-150400.3.55.2; SUSE Manager Proxy Module 4.3: from ? before 4.3.33-150400.3.55.2; SUSE Manager Server Module 4.3: from ? before 4.3.33-150400.3.55.2.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SUSE | Container suse/manager/4.3/proxy-httpd:4.3.16.9.67.1 | ? < 4.3.33-150400.3.55.2 | affected |
| SUSE | Container suse/manager/5.0/x86_64/proxy-httpd:5.0.5.7.23.1 | ? < 5.0.14-150600.4.17.1 | affected |
| SUSE | Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1 | ? < 5.0.14-150600.4.17.1 | affected |
| SUSE | Image SLES15-SP4-Manager-Proxy-4-3-BYOS | ? < 4.3.33-150400.3.55.2 | affected |
| SUSE | Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure | ? < 4.3.33-150400.3.55.2 | affected |
| SUSE | Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2 | ? < 4.3.33-150400.3.55.2 | affected |
| SUSE | Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE | ? < 4.3.33-150400.3.55.2 | affected |
| SUSE | Image SLES15-SP4-Manager-Server-4-3-BYOS | ? < 4.3.33-150400.3.55.2 | affected |
| SUSE | Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure | ? < 4.3.33-150400.3.55.2 | affected |
| SUSE | Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2 | ? < 4.3.33-150400.3.55.2 | affected |
| SUSE | Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE | ? < 4.3.33-150400.3.55.2 | affected |
| SUSE | SUSE Manager Proxy Module 4.3 | ? < 4.3.33-150400.3.55.2 | affected |
| SUSE | SUSE Manager Server Module 4.3 | ? < 4.3.33-150400.3.55.2 | affected |
Weaknesses
- CWE-256: CWE-256: Plaintext Storage of a Password
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.