Detections
Analytics
SUSE SLES15 Security Update : SUSE Manager Server 4.3 (SUSE-SU-2024:0485-1)
high Nessus Plugin ID 190654
Language:
Synopsis
The remote SUSE host is missing one or more security updates.Description
The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0485-1 advisory.- jose4j before v0.9.3 allows attackers to set a low iteration count of 1000 or less. (CVE-2023-31582)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.See Also
https://bugzilla.suse.com/1170848
https://bugzilla.suse.com/1210911
https://bugzilla.suse.com/1211254
https://bugzilla.suse.com/1211560
https://bugzilla.suse.com/1211912
https://bugzilla.suse.com/1213079
https://bugzilla.suse.com/1213507
https://bugzilla.suse.com/1213738
https://bugzilla.suse.com/1213981
https://bugzilla.suse.com/1214077
https://bugzilla.suse.com/1214791
https://bugzilla.suse.com/1215166
https://bugzilla.suse.com/1215514
https://bugzilla.suse.com/1215769
https://bugzilla.suse.com/1215810
https://bugzilla.suse.com/1215813
https://bugzilla.suse.com/1215982
https://bugzilla.suse.com/1216114
https://bugzilla.suse.com/1216394
https://bugzilla.suse.com/1216437
https://bugzilla.suse.com/1216550
https://bugzilla.suse.com/1216609
https://bugzilla.suse.com/1216657
https://bugzilla.suse.com/1216753
https://bugzilla.suse.com/1216781
https://bugzilla.suse.com/1216988
https://bugzilla.suse.com/1217069
https://bugzilla.suse.com/1217209
https://bugzilla.suse.com/1217588
https://bugzilla.suse.com/1217784
https://bugzilla.suse.com/1217869
https://bugzilla.suse.com/1218019
https://bugzilla.suse.com/1218074
https://bugzilla.suse.com/1218075
https://bugzilla.suse.com/1218089
https://bugzilla.suse.com/1218094
https://bugzilla.suse.com/1218146
https://bugzilla.suse.com/1218490
https://bugzilla.suse.com/1218615
https://bugzilla.suse.com/1218669
https://bugzilla.suse.com/1218837
https://bugzilla.suse.com/1218849
https://bugzilla.suse.com/1219151
https://bugzilla.suse.com/1219449
https://bugzilla.suse.com/1219577
https://bugzilla.suse.com/1219850
http://www.nessus.org/u?62e9cede
Plugin Details
Severity: High
ID: 190654
File Name: suse_SU-2024-0485-1.nasl
Version: 1.0
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 2/17/2024
Updated: 2/17/2024
Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.2
CVSS v2
Risk Factor: High
Base Score: 7.8
Temporal Score: 5.8
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:N
CVSS Score Source: CVE-2023-31582
CVSS v3
Risk Factor: High
Base Score: 7.5
Temporal Score: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:novell:suse_linux:saltboot-formula, p-cpe:/a:novell:suse_linux:spacewalk-base-minimal-config, p-cpe:/a:novell:suse_linux:patterns-suma_retail, p-cpe:/a:novell:suse_linux:subscription-matcher, p-cpe:/a:novell:suse_linux:susemanager-sls, p-cpe:/a:novell:suse_linux:python3-spacewalk-certs-tools, p-cpe:/a:novell:suse_linux:patterns-suma_server, p-cpe:/a:novell:suse_linux:spacewalk-base-minimal, p-cpe:/a:novell:suse_linux:spacewalk-utils-extras, p-cpe:/a:novell:suse_linux:spacewalk-backend-iss-export, p-cpe:/a:novell:suse_linux:spacewalk-java-postgresql, p-cpe:/a:novell:suse_linux:susemanager-schema-utility, p-cpe:/a:novell:suse_linux:python3-spacewalk-client-tools, p-cpe:/a:novell:suse_linux:spacewalk-html, p-cpe:/a:novell:suse_linux:spacewalk-java-config, p-cpe:/a:novell:suse_linux:spacewalk-certs-tools, p-cpe:/a:novell:suse_linux:spacecmd, p-cpe:/a:novell:suse_linux:spacewalk-backend-app, p-cpe:/a:novell:suse_linux:inter-server-sync, p-cpe:/a:novell:suse_linux:susemanager-schema, p-cpe:/a:novell:suse_linux:cobbler, p-cpe:/a:novell:suse_linux:spacewalk-backend-tools, p-cpe:/a:novell:suse_linux:susemanager-docs_en, p-cpe:/a:novell:suse_linux:spacewalk-setup, p-cpe:/a:novell:suse_linux:spacewalk-backend-config-files, p-cpe:/a:novell:suse_linux:spacewalk-backend-xml-export-libs, p-cpe:/a:novell:suse_linux:supportutils-plugin-susemanager, p-cpe:/a:novell:suse_linux:grafana-formula, p-cpe:/a:novell:suse_linux:spacewalk-base, p-cpe:/a:novell:suse_linux:susemanager-build-keys, p-cpe:/a:novell:suse_linux:susemanager-tools, p-cpe:/a:novell:suse_linux:jose4j, p-cpe:/a:novell:suse_linux:spacewalk-backend-iss, p-cpe:/a:novell:suse_linux:spacewalk-backend-applet, p-cpe:/a:novell:suse_linux:spacewalk-backend-server, p-cpe:/a:novell:suse_linux:susemanager-docs_en-pdf, cpe:/o:novell:suse_linux:15, p-cpe:/a:novell:suse_linux:uyuni-config-modules, p-cpe:/a:novell:suse_linux:spacewalk-backend-xmlrpc, p-cpe:/a:novell:suse_linux:spacewalk-taskomatic, p-cpe:/a:novell:suse_linux:spacewalk-backend, p-cpe:/a:novell:suse_linux:spacewalk-backend-config-files-common, p-cpe:/a:novell:suse_linux:spacewalk-client-tools, p-cpe:/a:novell:suse_linux:spacewalk-java, p-cpe:/a:novell:suse_linux:prometheus-postgres_exporter, p-cpe:/a:novell:suse_linux:spacewalk-utils, p-cpe:/a:novell:suse_linux:liberate-formula, p-cpe:/a:novell:suse_linux:susemanager-sync-data, p-cpe:/a:novell:suse_linux:susemanager-build-keys-web, p-cpe:/a:novell:suse_linux:prometheus-formula, p-cpe:/a:novell:suse_linux:spacewalk-backend-config-files-tool, p-cpe:/a:novell:suse_linux:uyuni-reportdb-schema, p-cpe:/a:novell:suse_linux:spacewalk-backend-sql, p-cpe:/a:novell:suse_linux:spacewalk-java-lib, p-cpe:/a:novell:suse_linux:susemanager, p-cpe:/a:novell:suse_linux:spacewalk-backend-package-push-server, p-cpe:/a:novell:suse_linux:spacewalk-backend-sql-postgresql
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Exploit Ease: No known exploits are available
Patch Publication Date: 2/15/2024
Vulnerability Publication Date: 10/25/2023
Reference Information
CVE: CVE-2023-31582, CVE-2023-32189
SuSE: SUSE-SU-2024:0485-1