CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 282
CVEID:CVE-2024-24790
**DESCRIPTION:**An unspecified error related to various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses in the net/netip package in Golang Go has an unknown impact and attack vector.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/292953 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVEID:CVE-2024-34156
**DESCRIPTION:**Golang Go is vulnerable to a denial of service, caused by a stack exhaustion in Decoder.Decode. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/354342 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID:CVE-2024-24786
**DESCRIPTION:**Protocol Buffers protobuf-go is vulnerable to a denial of service, caused by an infinite loop flaw in the rotojson.Unmarshal function when unmarshaling certain forms of invalid JSON. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/285337 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID:CVE-2024-24789
**DESCRIPTION:**Golang Go could allow a local attacker to bypass security restrictions, caused by a flaw with EOCDR comment length handling is inconsistent with other ZIP implementations in the archive/zip package. By sending a specially crafted request, an attacker could exploit this vulnerability to create an zip file with contents that vary depending on the implementation reading the file.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/292952 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVEID:CVE-2024-24791
**DESCRIPTION:**Go net/http package is vulnerable to a denial of service, caused by improper 100-continue header handling. By sending “Expect: 100-continue” requests, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/298554 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID:CVE-2024-34155
**DESCRIPTION:*Golang Go is vulnerable to a denial of service, caused by a stack exhaustion in all Parse functions. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/354341 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID:CVE-2024-34158
**DESCRIPTION:**Golang Go is vulnerable to a denial of service, caused by a stack exhaustion in Parse. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/354343 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM Observability with Instana (OnPrem) | Build 270 to 281 |
IBM strongly recommends addressing these vulnerabilities now by updating IBM Observability with Instana to the latest release as described here:
<https://www.ibm.com/docs/en/instana-observability/current>
Affected Product(s) | Version(s) | Remediation/Fixes/Instructions |
---|---|---|
IBM Observability with Instana (OnPrem) | Build 270 to 281 | Build 282 |
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | observability_with_instana | 270 | cpe:2.3:a:ibm:observability_with_instana:270:*:*:*:*:*:*:* |
ibm | observability_with_instana | 281 | cpe:2.3:a:ibm:observability_with_instana:281:*:*:*:*:*:*:* |
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High