PT-2023-14620 · Suse · Suse Linux Enterprise Server 15 Sp3+4
Marcus Meissner
+1
·
Published
2023-02-15
·
Updated
2024-06-15
·
CVE-2022-45154
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
SUSE Linux Enterprise Server 12 supportutils versions 3.0.10-95.51.1 and prior versions
SUSE Linux Enterprise Server 15 supportutils versions 3.1.21-150000.5.44.1 and prior versions
SUSE Linux Enterprise Server 15 SP3 supportutils versions 3.1.21-150300.7.35.15.1 and prior versions
Description
A Cleartext Storage of Sensitive Information issue in supportutils of SUSE Linux Enterprise Server allows attackers that gain access to the support logs to obtain knowledge of the stored credentials.
Recommendations
For SUSE Linux Enterprise Server 12 supportutils versions 3.0.10-95.51.1 and prior versions, update to a version later than 3.0.10-95.51.1 to resolve the issue.
For SUSE Linux Enterprise Server 15 supportutils versions 3.1.21-150000.5.44.1 and prior versions, update to a version later than 3.1.21-150000.5.44.1 to resolve the issue.
For SUSE Linux Enterprise Server 15 SP3 supportutils versions 3.1.21-150300.7.35.15.1 and prior versions, update to a version later than 3.1.21-150300.7.35.15.1 to resolve the issue.
Exploit
Fix
Cleartext Storage of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Suse Linux Enterprise Server 12
Suse Linux Enterprise Server 15
Suse Linux Enterprise Server 15 Sp3
Suse
Supportutils