PT-2025-31552 · Suse · Image Sles15-Sp4-Manager-Server-4-3-Byos-Azure +5

Oscar Barrios

·

Published

2025-07-31

·

Updated

2025-07-31

·

CVE-2025-46809

Report an issue
CVSS v3.1
5.7
VectorAV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions:

SUSE Multi Linux Manager versions prior to 5.0.27-150600.3.33.1

Image SLES15-SP4-Manager-Server-4-3-BYOS versions prior to 4.3.87-150400.3.110.2

Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure versions prior to 4.3.87-150400.3.110.2

Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2 versions prior to 4.3.87-150400.3.110.2

Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE versions prior to 4.3.87-150400.3.110.2

SUSE Manager Server Module 4.3 versions prior to 4.3.87-150400.3.110.2

Description:

A vulnerability exists where sensitive information, specifically HTTP proxy credentials, is inserted into log files. This exposure can compromise the confidentiality of these credentials.

Recommendations:

Update Container suse/manager/5.0/x86 64/server to version 5.0.27-150600.3.33.1 or later.

Update Image SLES15-SP4-Manager-Server-4-3-BYOS to version 4.3.87-150400.3.110.2 or later.

Update Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure to version 4.3.87-150400.3.110.2 or later.

Update Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2 to version 4.3.87-150400.3.110.2 or later.

Update Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE to version 4.3.87-150400.3.110.2 or later.

Update SUSE Manager Server Module 4.3 to version 4.3.87-150400.3.110.2 or later.

Fix

Insertion into Log File

Weakness Enumeration

CWE-532

Related Identifiers

CVE-2025-46809

Affected Products

Image Sles15-Sp4-Manager-Server-4-3-Byos
Image Sles15-Sp4-Manager-Server-4-3-Byos-Azure
Image Sles15-Sp4-Manager-Server-4-3-Byos-Ec2
Suse Manager Server Module 4.3
Suse Multi Linux Manager
Suse/Manager/5.0/X86 64/Server