Lucene search
HistoryOct 04, 2023 - 2:15 a.m.
CVE-2023-37404
ibm observability
vulnerability
dns poisoning
arbitrary code
network
x-force id
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
8.1
Confidence
High
EPSS
0.001
Percentile
49.1%
IBM Observability with Instana 1.0.243 through 1.0.254 could allow an attacker on the network to execute arbitrary code on the host after a successful DNS poisoning attack. IBM X-Force ID: 259789.
Affected configurations
Node
ibmobservability_with_instanaRange1.0.243–1.0.255
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | observability_with_instana | * | cpe:2.3:a:ibm:observability_with_instana:*:*:*:*:*:*:*:* |
Related
ibm
ibm
cve
cve
CVE-2023-37404
2023-10-04 02:15:09
prion
prion
Code injection
2023-10-04 02:15:00
cvelist
cvelist
CVE-2023-37404 IBM Observability with Instana code execution
2023-10-04 01:17:44
vulnrichment
vulnrichment
CVE-2023-37404 IBM Observability with Instana code execution
2023-10-04 01:17:44
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
8.1
Confidence
High
EPSS
0.001
Percentile
49.1%
Related for NVD:CVE-2023-37404