Vulnerability detected in Elasticsearch before version 7.10.2 affects IBM Observability with Instana
CVEID:CVE-2021-22132
**DESCRIPTION:**Elastic Elasticsearch could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in the async search API. By reading the .tasks index, an attacker could exploit this vulnerability to obtain sensitive request headers of other users in the cluster.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/194942 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Observability with Instana (OnPrem) | All |
Update your existing installation of IBM Observability with Instana as described here: <https://www.instana.com/docs/self_hosted_instana/operations#upgrade-your-container-based-installation>
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm instana observability | eq | 209 |