rpm package
suse/supportutils-plugin-susemanager&distro=SUSE Manager Server Module 4.3
pkg:rpm/suse/supportutils-plugin-susemanager&distro=SUSE%20Manager%20Server%20Module%204.3
Vulnerabilities (10)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-46809 | Med | 5.7 | < 4.3.15-150400.3.33.2 | 4.3.15-150400.3.33.2 | Jul 31, 2025 | A Plaintext Storage of a Password vulnerability in SUSE exposes the credentials for the HTTP proxy in the log files. This issue affects Container suse/manager/4.3/proxy-httpd:4.3.16.9.67.1: from ? before 4.3.33-150400.3.55.2; Container suse/manager/5.0/x86_64/proxy-httpd:5.0.5.7. | |
| CVE-2025-46811 | Cri | 9.8 | < 4.3.15-150400.3.33.2 | 4.3.15-150400.3.33.2 | Jul 30, 2025 | A Missing Authorization vulnerability in SUSE Linux Manager allows anyone with the ability to connect to port 443 of SUSE Manager is able to run any command as root on any client. This issue affects Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 5.0.27-15060 | |
| CVE-2025-23393 | Med | 5.2 | < 4.3.15-150400.3.33.2 | 4.3.15-150400.3.33.2 | May 27, 2025 | A Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in spacewalk-java allows execution of arbitrary Javascript code on users machines.This issue affects Container suse/manager/5.0/x86_64/server:5.0.4.7.19.1: from ? before 5.0.24-150600.3 | |
| CVE-2025-23392 | Med | 5.2 | < 4.3.15-150400.3.33.2 | 4.3.15-150400.3.33.2 | May 26, 2025 | A Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in spacewalk-java allows execution of arbitrary Javascript code on target systems.This issue affects Container suse/manager/5.0/x86_64/server:5.0.4.7.19.1: from ? before 5.0.24-150600.3. | |
| CVE-2023-32189 | Med | 5.9 | < 4.3.10-150400.3.18.5 | 4.3.10-150400.3.18.5 | Oct 16, 2024 | Insecure handling of ssh keys used to bootstrap clients allows local attackers to potentially gain access to the keys | |
| CVE-2023-51775 | — | < 4.3.11-150400.3.21.4 | 4.3.11-150400.3.21.4 | Dec 25, 2023 | The jose4j component before 0.9.4 for Java allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value. | ||
| CVE-2023-31582 | — | < 4.3.10-150400.3.18.5 | 4.3.10-150400.3.18.5 | Oct 24, 2023 | jose4j before v0.9.3 allows attackers to set a low iteration count of 1000 or less. | ||
| CVE-2023-22644 | — | < 4.3.7-150400.3.9.6 | 4.3.7-150400.3.9.6 | Sep 20, 2023 | A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE. | ||
| CVE-2022-1415 | — | < 4.3.6-150400.3.6.3 | 4.3.6-150400.3.6.3 | Sep 11, 2023 | A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution on the server. | ||
| CVE-2023-29409 | — | < 4.3.9-150400.3.15.13 | 4.3.9-150400.3.15.13 | Aug 2, 2023 | Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are curr |
- affected < 4.3.15-150400.3.33.2fixed 4.3.15-150400.3.33.2
A Plaintext Storage of a Password vulnerability in SUSE exposes the credentials for the HTTP proxy in the log files. This issue affects Container suse/manager/4.3/proxy-httpd:4.3.16.9.67.1: from ? before 4.3.33-150400.3.55.2; Container suse/manager/5.0/x86_64/proxy-httpd:5.0.5.7.
- affected < 4.3.15-150400.3.33.2fixed 4.3.15-150400.3.33.2
A Missing Authorization vulnerability in SUSE Linux Manager allows anyone with the ability to connect to port 443 of SUSE Manager is able to run any command as root on any client. This issue affects Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 5.0.27-15060
- affected < 4.3.15-150400.3.33.2fixed 4.3.15-150400.3.33.2
A Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in spacewalk-java allows execution of arbitrary Javascript code on users machines.This issue affects Container suse/manager/5.0/x86_64/server:5.0.4.7.19.1: from ? before 5.0.24-150600.3
- affected < 4.3.15-150400.3.33.2fixed 4.3.15-150400.3.33.2
A Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in spacewalk-java allows execution of arbitrary Javascript code on target systems.This issue affects Container suse/manager/5.0/x86_64/server:5.0.4.7.19.1: from ? before 5.0.24-150600.3.
- affected < 4.3.10-150400.3.18.5fixed 4.3.10-150400.3.18.5
Insecure handling of ssh keys used to bootstrap clients allows local attackers to potentially gain access to the keys
- CVE-2023-51775Dec 25, 2023affected < 4.3.11-150400.3.21.4fixed 4.3.11-150400.3.21.4
The jose4j component before 0.9.4 for Java allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.
- CVE-2023-31582Oct 24, 2023affected < 4.3.10-150400.3.18.5fixed 4.3.10-150400.3.18.5
jose4j before v0.9.3 allows attackers to set a low iteration count of 1000 or less.
- CVE-2023-22644Sep 20, 2023affected < 4.3.7-150400.3.9.6fixed 4.3.7-150400.3.9.6
A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE.
- CVE-2022-1415Sep 11, 2023affected < 4.3.6-150400.3.6.3fixed 4.3.6-150400.3.6.3
A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution on the server.
- CVE-2023-29409Aug 2, 2023affected < 4.3.9-150400.3.15.13fixed 4.3.9-150400.3.15.13
Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are curr