Vulnerabilities detected in Node.js versions before v14.16.2 affects IBM Observability with Instana
CVEID:CVE-2021-22921
**DESCRIPTION:**Node.js could allow a local attacker to gain elevated privileges on the system, caused by improper configuration of permissions in the installation directory. Under certain conditions. An attacker could exploit this vulnerability to perform PATH and DLL hijacking attacks.
CVSS Base score: 7.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/204785 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID:CVE-2021-22918
**DESCRIPTION:**Node.js is vulnerable to a denial of service, caused by an out-of-bounds read in the libuvโs uv__idna_toascii() function. By invoking the function using dns moduleโs lookup() function, a remote attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/204784 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)
Affected Product(s) | Version(s) |
---|---|
IBM Observability with Instana (OnPrem) | All |
Update your existing installation of IBM Observability with Instana as described here: <https://www.instana.com/docs/self_hosted_instana/operations#upgrade-your-container-based-installation>
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm instana observability | eq | 209 |