CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS
Percentile
41.6%
Docker based datastores for IBM Instana do not currently require authentication. Due to this, an attacker with network or system access to the datastores could interrogate the datastores with read/write privileges (CVE-2023-27290).
CVEID:CVE-2023-27290
**DESCRIPTION:**Docker based datastores for IBM Instana do not currently require authentication. Due to this, an attacker within the network or on the system could access the datastores with read/write access.
CVSS Base score: 9.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/248737 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Observability with Instana |
239-0 to 239-4
241-0 to 241-5
243-0 to 243-6
245-0 to 245-2
IBM strongly recommends addressing the vulnerability now.
Upgrading your Instana console:
<https://www.ibm.com/docs/en/instana-observability/current?topic=premises-operations-docker-based-instana>
Use your appropriate package manager command to update to a desired package version of Instana console.
See the following example for Ubuntu:
To get the latest version, run the command as follows:
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | observability_with_instana | 239 | cpe:2.3:a:ibm:observability_with_instana:239:*:*:*:*:*:*:* |
ibm | observability_with_instana | 0 | cpe:2.3:a:ibm:observability_with_instana:0:*:*:*:*:*:*:* |
ibm | observability_with_instana | 4 | cpe:2.3:a:ibm:observability_with_instana:4:*:*:*:*:*:*:* |
ibm | observability_with_instana | 241 | cpe:2.3:a:ibm:observability_with_instana:241:*:*:*:*:*:*:* |
ibm | observability_with_instana | 5 | cpe:2.3:a:ibm:observability_with_instana:5:*:*:*:*:*:*:* |
ibm | observability_with_instana | 243 | cpe:2.3:a:ibm:observability_with_instana:243:*:*:*:*:*:*:* |
ibm | observability_with_instana | 6 | cpe:2.3:a:ibm:observability_with_instana:6:*:*:*:*:*:*:* |
ibm | observability_with_instana | 245 | cpe:2.3:a:ibm:observability_with_instana:245:*:*:*:*:*:*:* |
ibm | observability_with_instana | 2 | cpe:2.3:a:ibm:observability_with_instana:2:*:*:*:*:*:*:* |
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS
Percentile
41.6%