Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for Image SLES15-SP4-Manager-Server-4-3-BYOS by SUSE

    CVE-2025-46809 (GCVE-0-2025-46809)

    Vulnerability from nvd – Published: 2025-07-31 15:24 – Updated: 2025-09-03 07:12
    VLAI
    Title
    Multi Linux Manager epxoses the plain text HTTP Proxy user:password in logs
    Summary
    A Plaintext Storage of a Password vulnerability in SUSE exposes the credentials for the HTTP proxy in the log files. This issue affects Container suse/manager/4.3/proxy-httpd:4.3.16.9.67.1: from ? before 4.3.33-150400.3.55.2; Container suse/manager/5.0/x86_64/proxy-httpd:5.0.5.7.23.1: from ? before 5.0.14-150600.4.17.1; Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 5.0.14-150600.4.17.1; Image SLES15-SP4-Manager-Proxy-4-3-BYOS: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE: from ? before 4.3.33-150400.3.55.2; SUSE Manager Proxy Module 4.3: from ? before 4.3.33-150400.3.55.2; SUSE Manager Server Module 4.3: from ? before 4.3.33-150400.3.55.2.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-256 - Plaintext Storage of a Password
    Assigner
    Impacted products
    Vendor Product Version
    SUSE Container suse/manager/4.3/proxy-httpd:4.3.16.9.67.1 Affected: ? , < 4.3.33-150400.3.55.2 (custom)
    Create a notification for this product.
    SUSE Container suse/manager/5.0/x86_64/proxy-httpd:5.0.5.7.23.1 Affected: ? , < 5.0.14-150600.4.17.1 (custom)
    Create a notification for this product.
    SUSE Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1 Affected: ? , < 5.0.14-150600.4.17.1 (custom)
    Create a notification for this product.
    SUSE Image SLES15-SP4-Manager-Proxy-4-3-BYOS Affected: ? , < 4.3.33-150400.3.55.2 (custom)
    Create a notification for this product.
    SUSE Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure Affected: ? , < 4.3.33-150400.3.55.2 (custom)
    Create a notification for this product.
    SUSE Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2 Affected: ? , < 4.3.33-150400.3.55.2 (custom)
    Create a notification for this product.
    SUSE Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE Affected: ? , < 4.3.33-150400.3.55.2 (custom)
    Create a notification for this product.
    SUSE Image SLES15-SP4-Manager-Server-4-3-BYOS Affected: ? , < 4.3.33-150400.3.55.2 (custom)
    Create a notification for this product.
    SUSE Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure Affected: ? , < 4.3.33-150400.3.55.2 (custom)
    Create a notification for this product.
    SUSE Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2 Affected: ? , < 4.3.33-150400.3.55.2 (custom)
    Create a notification for this product.
    SUSE Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE Affected: ? , < 4.3.33-150400.3.55.2 (custom)
    Create a notification for this product.
    SUSE SUSE Manager Proxy Module 4.3 Affected: ? , < 4.3.33-150400.3.55.2 (custom)
    Create a notification for this product.
    SUSE SUSE Manager Server Module 4.3 Affected: ? , < 4.3.33-150400.3.55.2 (custom)
    Create a notification for this product.
    Date Public
    2025-07-23 12:28
    Credits
    Oscar Barrios of SUSE
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-46809",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-31T20:08:05.402246Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-31T20:08:17.438Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "spacewalk-backend",
              "product": "Container suse/manager/4.3/proxy-httpd:4.3.16.9.67.1",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "4.3.33-150400.3.55.2",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "spacewalk-backend",
              "product": "Container suse/manager/5.0/x86_64/proxy-httpd:5.0.5.7.23.1",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "5.0.14-150600.4.17.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "spacewalk-backend",
              "product": "Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "5.0.14-150600.4.17.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "spacewalk-backend",
              "product": "Image SLES15-SP4-Manager-Proxy-4-3-BYOS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "4.3.33-150400.3.55.2",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "spacewalk-backend",
              "product": "Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "4.3.33-150400.3.55.2",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "spacewalk-backend",
              "product": "Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "4.3.33-150400.3.55.2",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "spacewalk-backend",
              "product": "Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "4.3.33-150400.3.55.2",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "spacewalk-backend",
              "product": "Image SLES15-SP4-Manager-Server-4-3-BYOS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "4.3.33-150400.3.55.2",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "spacewalk-backend",
              "product": "Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "4.3.33-150400.3.55.2",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "spacewalk-backend",
              "product": "Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "4.3.33-150400.3.55.2",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "spacewalk-backend",
              "product": "Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "4.3.33-150400.3.55.2",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "spacewalk-backend",
              "product": "SUSE Manager Proxy Module 4.3",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "4.3.33-150400.3.55.2",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "spacewalk-backend",
              "product": "SUSE Manager Server Module 4.3",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "4.3.33-150400.3.55.2",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Oscar Barrios of SUSE"
            }
          ],
          "datePublic": "2025-07-23T12:28:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A Plaintext Storage of a Password vulnerability in SUSE exposes the credentials for the HTTP proxy in the log files.\u0026nbsp;\u003cp\u003eThis issue affects Container suse/manager/4.3/proxy-httpd:4.3.16.9.67.1: from ? before 4.3.33-150400.3.55.2; Container suse/manager/5.0/x86_64/proxy-httpd:5.0.5.7.23.1: from ? before 5.0.14-150600.4.17.1; Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 5.0.14-150600.4.17.1; Image SLES15-SP4-Manager-Proxy-4-3-BYOS: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE: from ? before 4.3.33-150400.3.55.2; SUSE Manager Proxy Module 4.3: from ? before 4.3.33-150400.3.55.2; SUSE Manager Server Module 4.3: from ? before 4.3.33-150400.3.55.2.\u003c/p\u003e"
                }
              ],
              "value": "A Plaintext Storage of a Password vulnerability in SUSE exposes the credentials for the HTTP proxy in the log files.\u00a0This issue affects Container suse/manager/4.3/proxy-httpd:4.3.16.9.67.1: from ? before 4.3.33-150400.3.55.2; Container suse/manager/5.0/x86_64/proxy-httpd:5.0.5.7.23.1: from ? before 5.0.14-150600.4.17.1; Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 5.0.14-150600.4.17.1; Image SLES15-SP4-Manager-Proxy-4-3-BYOS: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE: from ? before 4.3.33-150400.3.55.2; SUSE Manager Proxy Module 4.3: from ? before 4.3.33-150400.3.55.2; SUSE Manager Server Module 4.3: from ? before 4.3.33-150400.3.55.2."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-256",
                  "description": "CWE-256: Plaintext Storage of a Password",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-03T07:12:41.584Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-46809"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Multi Linux Manager epxoses the plain text HTTP Proxy user:password in logs",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2025-46809",
        "datePublished": "2025-07-31T15:24:41.890Z",
        "dateReserved": "2025-04-30T11:28:04.728Z",
        "dateUpdated": "2025-09-03T07:12:41.584Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-46811 (GCVE-0-2025-46811)

    Vulnerability from nvd – Published: 2025-07-30 14:20 – Updated: 2026-02-26 17:50
    VLAI
    Title
    SUSE Multi Linux Manager allows code execution via unprotected websocket endpoint
    Summary
    A Missing Authorization vulnerability in SUSE Linux Manager allows anyone with the ability to connect to port 443 of SUSE Manager is able to run any command as root on any client. This issue affects Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 5.0.27-150600.3.33.1; Image SLES15-SP4-Manager-Server-4-3-BYOS: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE: from ? before 4.3.87-150400.3.110.2; SUSE Manager Server Module 4.3: from ? before 4.3.87-150400.3.110.2.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Date Public
    2025-07-23 12:25
    Credits
    Simon Holl (MindBytes)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-46811",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-02T03:55:51.733201Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:50:03.837Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "spacewalk-java",
              "product": "Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "5.0.27-150600.3.33.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "spacewalk-java",
              "product": "Image SLES15-SP4-Manager-Server-4-3-BYOS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "4.3.87-150400.3.110.2",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "spacewalk-java",
              "product": "Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "4.3.87-150400.3.110.2",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "spacewalk-java",
              "product": "Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "4.3.87-150400.3.110.2",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "spacewalk-java",
              "product": "Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "4.3.87-150400.3.110.2",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "spacewalk-java",
              "product": "SUSE Manager Server Module 4.3",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "4.3.87-150400.3.110.2",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Simon Holl (MindBytes)"
            }
          ],
          "datePublic": "2025-07-23T12:25:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A Missing Authorization vulnerability in SUSE Linux Manager allows anyone with the ability to connect to port 443 of SUSE Manager is able to run any command as root on any client.\u0026nbsp;\u003cp\u003eThis issue affects Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 5.0.27-150600.3.33.1; Image SLES15-SP4-Manager-Server-4-3-BYOS: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE: from ? before 4.3.87-150400.3.110.2; SUSE Manager Server Module 4.3: from ? before 4.3.87-150400.3.110.2.\u003c/p\u003e"
                }
              ],
              "value": "A Missing Authorization vulnerability in SUSE Linux Manager allows anyone with the ability to connect to port 443 of SUSE Manager is able to run any command as root on any client.\u00a0This issue affects Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 5.0.27-150600.3.33.1; Image SLES15-SP4-Manager-Server-4-3-BYOS: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE: from ? before 4.3.87-150400.3.110.2; SUSE Manager Server Module 4.3: from ? before 4.3.87-150400.3.110.2."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862: Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-03T07:03:41.669Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-46811"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "SUSE Multi Linux Manager allows code execution via unprotected websocket endpoint",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2025-46811",
        "datePublished": "2025-07-30T14:20:53.828Z",
        "dateReserved": "2025-04-30T11:28:04.729Z",
        "dateUpdated": "2026-02-26T17:50:03.837Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-46809 (GCVE-0-2025-46809)

    Vulnerability from cvelistv5 – Published: 2025-07-31 15:24 – Updated: 2025-09-03 07:12
    VLAI
    Title
    Multi Linux Manager epxoses the plain text HTTP Proxy user:password in logs
    Summary
    A Plaintext Storage of a Password vulnerability in SUSE exposes the credentials for the HTTP proxy in the log files. This issue affects Container suse/manager/4.3/proxy-httpd:4.3.16.9.67.1: from ? before 4.3.33-150400.3.55.2; Container suse/manager/5.0/x86_64/proxy-httpd:5.0.5.7.23.1: from ? before 5.0.14-150600.4.17.1; Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 5.0.14-150600.4.17.1; Image SLES15-SP4-Manager-Proxy-4-3-BYOS: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE: from ? before 4.3.33-150400.3.55.2; SUSE Manager Proxy Module 4.3: from ? before 4.3.33-150400.3.55.2; SUSE Manager Server Module 4.3: from ? before 4.3.33-150400.3.55.2.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-256 - Plaintext Storage of a Password
    Assigner
    Impacted products
    Vendor Product Version
    SUSE Container suse/manager/4.3/proxy-httpd:4.3.16.9.67.1 Affected: ? , < 4.3.33-150400.3.55.2 (custom)
    Create a notification for this product.
    SUSE Container suse/manager/5.0/x86_64/proxy-httpd:5.0.5.7.23.1 Affected: ? , < 5.0.14-150600.4.17.1 (custom)
    Create a notification for this product.
    SUSE Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1 Affected: ? , < 5.0.14-150600.4.17.1 (custom)
    Create a notification for this product.
    SUSE Image SLES15-SP4-Manager-Proxy-4-3-BYOS Affected: ? , < 4.3.33-150400.3.55.2 (custom)
    Create a notification for this product.
    SUSE Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure Affected: ? , < 4.3.33-150400.3.55.2 (custom)
    Create a notification for this product.
    SUSE Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2 Affected: ? , < 4.3.33-150400.3.55.2 (custom)
    Create a notification for this product.
    SUSE Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE Affected: ? , < 4.3.33-150400.3.55.2 (custom)
    Create a notification for this product.
    SUSE Image SLES15-SP4-Manager-Server-4-3-BYOS Affected: ? , < 4.3.33-150400.3.55.2 (custom)
    Create a notification for this product.
    SUSE Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure Affected: ? , < 4.3.33-150400.3.55.2 (custom)
    Create a notification for this product.
    SUSE Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2 Affected: ? , < 4.3.33-150400.3.55.2 (custom)
    Create a notification for this product.
    SUSE Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE Affected: ? , < 4.3.33-150400.3.55.2 (custom)
    Create a notification for this product.
    SUSE SUSE Manager Proxy Module 4.3 Affected: ? , < 4.3.33-150400.3.55.2 (custom)
    Create a notification for this product.
    SUSE SUSE Manager Server Module 4.3 Affected: ? , < 4.3.33-150400.3.55.2 (custom)
    Create a notification for this product.
    Date Public
    2025-07-23 12:28
    Credits
    Oscar Barrios of SUSE
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-46809",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-31T20:08:05.402246Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-31T20:08:17.438Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "spacewalk-backend",
              "product": "Container suse/manager/4.3/proxy-httpd:4.3.16.9.67.1",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "4.3.33-150400.3.55.2",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "spacewalk-backend",
              "product": "Container suse/manager/5.0/x86_64/proxy-httpd:5.0.5.7.23.1",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "5.0.14-150600.4.17.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "spacewalk-backend",
              "product": "Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "5.0.14-150600.4.17.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "spacewalk-backend",
              "product": "Image SLES15-SP4-Manager-Proxy-4-3-BYOS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "4.3.33-150400.3.55.2",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "spacewalk-backend",
              "product": "Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "4.3.33-150400.3.55.2",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "spacewalk-backend",
              "product": "Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "4.3.33-150400.3.55.2",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "spacewalk-backend",
              "product": "Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "4.3.33-150400.3.55.2",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "spacewalk-backend",
              "product": "Image SLES15-SP4-Manager-Server-4-3-BYOS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "4.3.33-150400.3.55.2",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "spacewalk-backend",
              "product": "Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "4.3.33-150400.3.55.2",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "spacewalk-backend",
              "product": "Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "4.3.33-150400.3.55.2",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "spacewalk-backend",
              "product": "Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "4.3.33-150400.3.55.2",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "spacewalk-backend",
              "product": "SUSE Manager Proxy Module 4.3",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "4.3.33-150400.3.55.2",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "spacewalk-backend",
              "product": "SUSE Manager Server Module 4.3",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "4.3.33-150400.3.55.2",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Oscar Barrios of SUSE"
            }
          ],
          "datePublic": "2025-07-23T12:28:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A Plaintext Storage of a Password vulnerability in SUSE exposes the credentials for the HTTP proxy in the log files.\u0026nbsp;\u003cp\u003eThis issue affects Container suse/manager/4.3/proxy-httpd:4.3.16.9.67.1: from ? before 4.3.33-150400.3.55.2; Container suse/manager/5.0/x86_64/proxy-httpd:5.0.5.7.23.1: from ? before 5.0.14-150600.4.17.1; Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 5.0.14-150600.4.17.1; Image SLES15-SP4-Manager-Proxy-4-3-BYOS: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE: from ? before 4.3.33-150400.3.55.2; SUSE Manager Proxy Module 4.3: from ? before 4.3.33-150400.3.55.2; SUSE Manager Server Module 4.3: from ? before 4.3.33-150400.3.55.2.\u003c/p\u003e"
                }
              ],
              "value": "A Plaintext Storage of a Password vulnerability in SUSE exposes the credentials for the HTTP proxy in the log files.\u00a0This issue affects Container suse/manager/4.3/proxy-httpd:4.3.16.9.67.1: from ? before 4.3.33-150400.3.55.2; Container suse/manager/5.0/x86_64/proxy-httpd:5.0.5.7.23.1: from ? before 5.0.14-150600.4.17.1; Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 5.0.14-150600.4.17.1; Image SLES15-SP4-Manager-Proxy-4-3-BYOS: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE: from ? before 4.3.33-150400.3.55.2; SUSE Manager Proxy Module 4.3: from ? before 4.3.33-150400.3.55.2; SUSE Manager Server Module 4.3: from ? before 4.3.33-150400.3.55.2."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-256",
                  "description": "CWE-256: Plaintext Storage of a Password",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-03T07:12:41.584Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-46809"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Multi Linux Manager epxoses the plain text HTTP Proxy user:password in logs",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2025-46809",
        "datePublished": "2025-07-31T15:24:41.890Z",
        "dateReserved": "2025-04-30T11:28:04.728Z",
        "dateUpdated": "2025-09-03T07:12:41.584Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-46811 (GCVE-0-2025-46811)

    Vulnerability from cvelistv5 – Published: 2025-07-30 14:20 – Updated: 2026-02-26 17:50
    VLAI
    Title
    SUSE Multi Linux Manager allows code execution via unprotected websocket endpoint
    Summary
    A Missing Authorization vulnerability in SUSE Linux Manager allows anyone with the ability to connect to port 443 of SUSE Manager is able to run any command as root on any client. This issue affects Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 5.0.27-150600.3.33.1; Image SLES15-SP4-Manager-Server-4-3-BYOS: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE: from ? before 4.3.87-150400.3.110.2; SUSE Manager Server Module 4.3: from ? before 4.3.87-150400.3.110.2.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Date Public
    2025-07-23 12:25
    Credits
    Simon Holl (MindBytes)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-46811",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-02T03:55:51.733201Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:50:03.837Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "spacewalk-java",
              "product": "Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "5.0.27-150600.3.33.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "spacewalk-java",
              "product": "Image SLES15-SP4-Manager-Server-4-3-BYOS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "4.3.87-150400.3.110.2",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "spacewalk-java",
              "product": "Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "4.3.87-150400.3.110.2",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "spacewalk-java",
              "product": "Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "4.3.87-150400.3.110.2",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "spacewalk-java",
              "product": "Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "4.3.87-150400.3.110.2",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "spacewalk-java",
              "product": "SUSE Manager Server Module 4.3",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "4.3.87-150400.3.110.2",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Simon Holl (MindBytes)"
            }
          ],
          "datePublic": "2025-07-23T12:25:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A Missing Authorization vulnerability in SUSE Linux Manager allows anyone with the ability to connect to port 443 of SUSE Manager is able to run any command as root on any client.\u0026nbsp;\u003cp\u003eThis issue affects Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 5.0.27-150600.3.33.1; Image SLES15-SP4-Manager-Server-4-3-BYOS: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE: from ? before 4.3.87-150400.3.110.2; SUSE Manager Server Module 4.3: from ? before 4.3.87-150400.3.110.2.\u003c/p\u003e"
                }
              ],
              "value": "A Missing Authorization vulnerability in SUSE Linux Manager allows anyone with the ability to connect to port 443 of SUSE Manager is able to run any command as root on any client.\u00a0This issue affects Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 5.0.27-150600.3.33.1; Image SLES15-SP4-Manager-Server-4-3-BYOS: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE: from ? before 4.3.87-150400.3.110.2; SUSE Manager Server Module 4.3: from ? before 4.3.87-150400.3.110.2."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862: Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-03T07:03:41.669Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-46811"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "SUSE Multi Linux Manager allows code execution via unprotected websocket endpoint",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2025-46811",
        "datePublished": "2025-07-30T14:20:53.828Z",
        "dateReserved": "2025-04-30T11:28:04.729Z",
        "dateUpdated": "2026-02-26T17:50:03.837Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }