PT-2023-14620 · Suse · Suse Linux Enterprise Server 15 Sp3+4

Marcus Meissner

+1

·

Publicado

2023-02-15

·

Atualizado

2024-06-15

·

CVE-2022-45154

CVSS v3.1

5.5

Média

VetorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions SUSE Linux Enterprise Server 12 supportutils versions 3.0.10-95.51.1 and prior versions SUSE Linux Enterprise Server 15 supportutils versions 3.1.21-150000.5.44.1 and prior versions SUSE Linux Enterprise Server 15 SP3 supportutils versions 3.1.21-150300.7.35.15.1 and prior versions
Description A Cleartext Storage of Sensitive Information issue in supportutils of SUSE Linux Enterprise Server allows attackers that gain access to the support logs to obtain knowledge of the stored credentials.
Recommendations For SUSE Linux Enterprise Server 12 supportutils versions 3.0.10-95.51.1 and prior versions, update to a version later than 3.0.10-95.51.1 to resolve the issue. For SUSE Linux Enterprise Server 15 supportutils versions 3.1.21-150000.5.44.1 and prior versions, update to a version later than 3.1.21-150000.5.44.1 to resolve the issue. For SUSE Linux Enterprise Server 15 SP3 supportutils versions 3.1.21-150300.7.35.15.1 and prior versions, update to a version later than 3.1.21-150300.7.35.15.1 to resolve the issue.

Exploit

Correção

Cleartext Storage of Sensitive Information

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-312

Identificadores relacionados

CVE-2022-45154
OPENSUSE-SU-2023_3822-1
OPENSUSE-SU-2024:12970-1
SUSE-SU-2023:2465-1
SUSE-SU-2023:3803-1
SUSE-SU-2023:3822-1
SUSE-SU-2023:3822-2
SUSE-SU-2023_2465-1
SUSE-SU-2023_3803-1
SUSE-SU-2023_3822-1

Produtos afetados

Suse Linux Enterprise Server 12
Suse Linux Enterprise Server 15
Suse Linux Enterprise Server 15 Sp3
Suse
Supportutils