PT-2025-31552 · Suse · Suse Manager Server Module 4.3+5
Oscar Barrios
·
Published
2025-07-23
·
Updated
2025-09-03
·
CVE-2025-46809
CVSS v3.1
5.7
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
SUSE Multi Linux Manager versions prior to 5.0.27-150600.3.33.1
Image SLES15-SP4-Manager-Server-4-3-BYOS versions prior to 4.3.87-150400.3.110.2
Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure versions prior to 4.3.87-150400.3.110.2
Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2 versions prior to 4.3.87-150400.3.110.2
Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE versions prior to 4.3.87-150400.3.110.2
SUSE Manager Server Module 4.3 versions prior to 4.3.87-150400.3.110.2
Description
A vulnerability exists where sensitive information, specifically HTTP proxy credentials, is inserted into log files. This exposure can compromise the confidentiality of these credentials.
Recommendations
Update Container suse/manager/5.0/x86 64/server to version 5.0.27-150600.3.33.1 or later.
Update Image SLES15-SP4-Manager-Server-4-3-BYOS to version 4.3.87-150400.3.110.2 or later.
Update Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure to version 4.3.87-150400.3.110.2 or later.
Update Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2 to version 4.3.87-150400.3.110.2 or later.
Update Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE to version 4.3.87-150400.3.110.2 or later.
Update SUSE Manager Server Module 4.3 to version 4.3.87-150400.3.110.2 or later.
Fix
Insertion into Log File
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Image Sles15-Sp4-Manager-Server-4-3-Byos
Image Sles15-Sp4-Manager-Server-4-3-Byos-Azure
Image Sles15-Sp4-Manager-Server-4-3-Byos-Ec2
Suse Manager Server Module 4.3
Suse Multi Linux Manager
Suse/Manager/5.0/X86 64/Server