Suse Manager Server Module 4.3 vulnerabilities

CVE-2025-46809 [MEDIUM] CWE-256 CVE-2025-46809: A Plaintext Storage of a Password vulnerability in SUSE exposes the credentials for the HTTP proxy i A Plaintext Storage of a Password vulnerability in SUSE exposes the credentials for the HTTP proxy in the log files. This issue affects Container suse/manager/4.3/proxy-httpd:4.3.16.9.67.1: from ? before 4.3.33-150400.3.55.2; Container suse/manager/5.0/x86_64/proxy-httpd:5.0.5.7.23.1: from ? before 5.0.14-150600.4.17.1; Container suse/manager/5.0/x8

CVE-2025-46811 [CRITICAL] CWE-862 CVE-2025-46811: A Missing Authorization vulnerability in SUSE Linux Manager allows anyone with the ability to connec A Missing Authorization vulnerability in SUSE Linux Manager allows anyone with the ability to connect to port 443 of SUSE Manager is able to run any command as root on any client. This issue affects Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 5.0.27-150600.3.33.1; Image SLES15-SP4-Manager-Server-4-3-BYOS: from ? before 4.3

CVE-2025-23393 [MEDIUM] CWE-80 CVE-2025-23393: A Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in  sp A Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in spacewalk-java allows execution of arbitrary Javascript code on users machines.This issue affects Container suse/manager/5.0/x86_64/server:5.0.4.7.19.1: from ? before 5.0.24-150600.3.25.1; SUSE Manager Server Module 4.3: from ? before 4.3.85-150400.3.105.

CVE-2025-23392 [MEDIUM] CWE-80 CVE-2025-23392: A Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in spa A Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in spacewalk-java allows execution of arbitrary Javascript code on target systems.This issue affects Container suse/manager/5.0/x86_64/server:5.0.4.7.19.1: from ? before 5.0.24-150600.3.25.1; Container suse/manager/5.0/x86_64/server:5.0.4.7.19.1: from ? befo

CVE-2024-49503 [MEDIUM] CWE-79 CVE-2024-49503: A Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulner A Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SUSE manager allows attackers to execute Javascript code in the organization credentials sub page. This issue affects Container suse/manager/5.0/x86_64/server:5.0.2.7.8.1: before 5.0.15-150600.3.10.2; SUSE Manager Server Module 4.3: before 4

CVE-2024-49502 [MEDIUM] CWE-79 CVE-2024-49502: A Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulner A Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in the Setup Wizard, HTTP Proxy credentials pane in spacewalk-web allows attackers to attack users by providing specially crafted URLs to click. This issue affects Container suse/manager/5.0/x86_64/server:5.0.2.7.8.1: before 5.0.15-150600.3.10.

CVE-2023-32189 [MEDIUM] CWE-639 CVE-2023-32189: Insecure handling of ssh keys used to bootstrap clients allows local attackers to potentially gain a Insecure handling of ssh keys used to bootstrap clients allows local attackers to potentially gain access to the keys