SUSE CVE-2023-51385

🗓️ 20 Dec 2023 02:06:51Reported by Suse CVEType

susecve

susecve🔗 www.suse.com👁 2 Views

SUSE CVE-2023-51385: OpenSSH before 9.6 allows OS command injection via shell metacharacters in username or hostname.

Reporter	Title	Published	Views	Family All 252
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary command execution in OpenSSH [CVE-2023-51385]	3 Oct 202417:47	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in OpenSSH affects IBM Integrated Analytics System (Sailfish) [CVE-2023-51385, CVE-2023-48795, CVE-2023-38408, CVE-2020-15778, CVE-2021-41617].	20 May 202509:21	–	ibm
IBM Security Bulletins	Security Bulletin: TSSC/IMC is vulnerable to a Prefix truncation attack on Binary Packet Protocol	4 Feb 202518:14	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities (CVE-2023-46813, CVE-2023-51385, CVE-2023-48795)	17 Jul 202414:21	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities	18 Aug 202514:19	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar Network Packet Capture includes components with multiple known vulnerabilities	15 Apr 202502:50	–	ibm
IBM Security Bulletins	Security Bulletin: AIX is vulnerable to a machine-in-the-middle attack (CVE-2023-48795), arbitrary command execution (CVE-2023-51385), and information disclosure (CVE-2023-51384) due to OpenSSH	14 Mar 202420:09	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in OpenSSH affects IBM Integrated Analytics System [CVE-2023-51385]	12 Nov 202412:45	–	ibm
IBM Security Bulletins	Security Bulletin: OpenSSH for IBM i is vulnerable to an attacker executing arbitrary commands due to improper validation. [CVE-2023-51385]	23 Feb 202417:15	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Spring, Tomcat, Jackson, sudo, and Linux kernel can affect IBM Spectrum Protect Plus	20 Mar 202418:36	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
SUSE Linux Enterprise Server	16.0	any	openssh	10.0p2-160000.2.2	openssh-10.0p2-160000.2.2.noarch.rpm
SUSE Linux Enterprise Server	12.3	any	openssh	7.2p2-74.69.1	openssh-7.2p2-74.69.1.noarch.rpm
SUSE Linux Enterprise Server	12.5	any	openssh	7.2p2-81.12.1	openssh-7.2p2-81.12.1.noarch.rpm
SUSE Linux Enterprise Server for SAP applications	12.5	any	openssh	7.2p2-81.12.1	openssh-7.2p2-81.12.1.noarch.rpm
SUSE Linux Enterprise Server	15.2	any	openssh	8.1p1-150200.5.46.1	openssh-8.1p1-150200.5.46.1.noarch.rpm
SUSE Linux Enterprise Server for SAP applications	15.2	any	openssh	8.1p1-150200.5.46.1	openssh-8.1p1-150200.5.46.1.noarch.rpm
OpenSUSE Leap	15.5	any	openssh	8.4p1-150300.3.30.1	openssh-8.4p1-150300.3.30.1.noarch.rpm
OpenSUSE Leap Micro	5.3	any	openssh	8.4p1-150300.3.30.1	openssh-8.4p1-150300.3.30.1.noarch.rpm
OpenSUSE Leap Micro	5.4	any	openssh	8.4p1-150300.3.30.1	openssh-8.4p1-150300.3.30.1.noarch.rpm
OpenSUSE Leap Micro	5.5	any	openssh	8.4p1-150300.3.30.1	openssh-8.4p1-150300.3.30.1.noarch.rpm

Source	Link
suse	www.suse.com/security/cve/CVE-2023-51385
suse	www.suse.com/support/security/rating/
bugzilla	www.bugzilla.suse.com/1218215
bugzilla	www.bugzilla.suse.com/1218708
lists	www.lists.suse.com/pipermail/sle-security-updates/2024-February/017998.html
lists	www.lists.suse.com/pipermail/sle-security-updates/2024-February/018002.html
lists	www.lists.suse.com/pipermail/sle-security-updates/2024-February/018001.html
lists	www.lists.suse.com/pipermail/sle-security-updates/2024-July/018919.html
lists	www.lists.suse.com/pipermail/sle-security-updates/2025-June/021369.html

05 Jun 2026 03:56Current

7.2High risk

Vulners AI Score7.2

CVSS 3.16.5

EPSS0.18499

OpenSSH Shell metacharacters Expansion token Untrusted submodule Git repository