Vulnerability Details: CVE-2022-45154
A Cleartext Storage of Sensitive Information vulnerability (CWE-312) in supportutils of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, and SUSE Linux Enterprise Server 15 SP3 allows attackers who gain access to the support logs to learn the stored credentials. This issue affects: SUSE Linux Enterprise Server 12 supportutils version 3.0.10-95.51.1 and prior versions; SUSE Linux Enterprise Server 15 supportutils version 3.1.21-150000.5.44.1 and prior versions; SUSE Linux Enterprise Server 15 SP3 supportutils version 3.1.21-150300.7.35.15.1 and prior versions.
Products affected by CVE-2022-45154
- cpe:2.3:a:opensuse:supportutils:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-45154
- EPSS score: 0.05% (probability of exploitation activity in the next 30 days)
- Percentile: ~19% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2022-45154
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.4 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L | 1.8 | 2.5 | SUSE | |
5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 | NIST | |
CWE ids for CVE-2022-45154
- CWE-312: Cleartext Storage of Sensitive Information. The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere. Assigned by: meissner@suse.de (Primary)
References for CVE-2022-45154
- https://bugzilla.suse.com/show_bug.cgi?id=1207598
  Bug 1207598 – VUL-0: CVE-2022-45154: supportconfig: does not remove passwords in /etc/iscsi/iscsid.conf and /etc/target/lio_setup.sh (Exploit; Issue Tracking)