Jan 11, 2022 - 8:10 p.m.

Security Bulletin: Vulnerability affects IBM Observability with Instana

2022-01-11 20:10:06
www.ibm.com
EPSS: 0.001 (Low), percentile 35.3%

Summary

A vulnerability detected in Elasticsearch before version 7.10.2 affects IBM Observability with Instana.

Vulnerability Details

CVEID: CVE-2021-22132
**DESCRIPTION:** Elastic Elasticsearch could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in the async search API. By reading the .tasks index, an attacker could exploit this vulnerability to obtain sensitive request headers of other users in the cluster.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/194942 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Observability with Instana (OnPrem) | All |

Remediation/Fixes

Update your existing installation of IBM Observability with Instana as described here: <https://www.instana.com/docs/self_hosted_instana/operations#upgrade-your-container-based-installation>

Workarounds and Mitigations

None

CPE Name Operator Version
ibm instana observability eq 209
