Lucene search

K
ibmIBM65FD8B34226EC777D11D14977EFD4CBA1E4D8568AB599BC0C0CEE63C0E4684D4
HistoryJan 11, 2022 - 8:10 p.m.

Security Bulletin: Vulnerabilitiy affects IBM Observability with Instana

2022-01-1120:10:06
www.ibm.com
88

EPSS

0.006

Percentile

79.1%

Summary

Vulnerabilities detected in Node.js versions before v14.17.5 affects IBM Observability with Instana

Vulnerability Details

CVEID:CVE-2021-22940
**DESCRIPTION:**Node.js could allow a remote attacker to bypass security restrictions, caused by an incomplete fix for CVE-2021-22930 related to a use-after-free on close http2 on stream canceling. An attacker could exploit this vulnerability to corrupt memory to change process behavior.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/207520 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Observability with Instana (OnPrem) All

Remediation/Fixes

Update your existing installation of IBM Observability with Instana as described here: <https://www.instana.com/docs/self_hosted_instana/operations#upgrade-your-container-based-installation&gt;

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm instana observabilityeq209