5.5
CVE-2022-45154
- EPSS 0.01%
- Veröffentlicht 15.02.2023 10:15:17
- Zuletzt bearbeitet 21.11.2024 07:28:51
- Quelle meissner@suse.de
- Teams Watchlist Login
- Unerledigt Login
A Cleartext Storage of Sensitive Information vulnerability in suppportutils of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 15 SP3 allows attackers that get access to the support logs to gain knowledge of the stored credentials This issue affects: SUSE Linux Enterprise Server 12 supportutils version 3.0.10-95.51.1CWE-312: Cleartext Storage of Sensitive Information and prior versions. SUSE Linux Enterprise Server 15 supportutils version 3.1.21-150000.5.44.1 and prior versions. SUSE Linux Enterprise Server 15 SP3 supportutils version 3.1.21-150300.7.35.15.1 and prior versions.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Opensuse ≫ Supportutils Version <= 3.0.10-95.51.1
Opensuse ≫ Supportutils Version <= 3.1.21-150000.5.44.1
Opensuse ≫ Supportutils Version <= 3.1.21-150300.7.35.15.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.01% | 0.01 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
| meissner@suse.de | 4.4 | 1.8 | 2.5 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
|
CWE-312 Cleartext Storage of Sensitive Information
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.