Lucene search
K

72 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2024/05/08 9:39 a.m.45 views

Security Bulletin: IBM Observability with Instana is affected by Multiple Security Vulnerabilities

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana build 271 Vulnerability Details CVEID:CVE-2023-5363 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an incorrect cipher key and IV length processing during the...

7.5CVSS7.5AI score0.03332EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/18 1:43 p.m.44 views

Security Bulletin: IBM Observability with Instana for Synthetic PoP is affected by Multiple Security Vulnerabilities

Summary Multiple vulnerabilities were addressed in IBM Observability with Instana for Synthetic PoP build 271 Vulnerability Details CVEID:CVE-2024-22259 DESCRIPTION: VMware Tanzu Spring Framework could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability i...

8.1CVSS7.3AI score0.03967EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/17 6:45 a.m.39 views

Security Bulletin: IBM Observability with Instana using third-party Kubernetes Operators is affected by Multiple Security Vulnerabilities

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana using third-party Kubernetes Operators build 269. Vulnerability Details CVEID:CVE-2024-20918 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause...

7.5CVSS9.2AI score0.08665EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/17 6:43 a.m.84 views

Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 270. Vulnerability Details CVEID:CVE-2024-29133 DESCRIPTION: Apache Commons Configuration could allow a remote attacker to execute arbitrary code on the system, caused by ...

7.5CVSS8.6AI score0.02054EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/31 1:53 p.m.47 views

Security Bulletin: IBM Observability with Instana is affected by Multiple Security Vulnerabilities

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana build 269 Vulnerability Details CVEID:CVE-2020-15522 DESCRIPTION: Bouncy Castle BC Java, BC C .NET, BC-FJA, BC-FNA could allow a remote attacker to obtain sensitive information, caused by a timing issue within the ...

7.7CVSS8AI score0.1158EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/15 1:52 p.m.53 views

Security Bulletin: IBM Observability with Instana using third-party Kubernetes Operators is affected by Multiple Security Vulnerabilities

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana using third-party Kubernetes Operators build 267 Vulnerability Details CVEID:CVE-2024-20919 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause hi...

7.5CVSS8.3AI score0.00857EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/15 1:44 p.m.34 views

Security Bulletin: IBM Observability with Instana is affected by Multiple Security Vulnerabilities

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana build 262 Vulnerability Details CVEID:CVE-2022-41854 DESCRIPTION: snakeYAML is vulnerable to a denial of service, caused by improper input validation. By persuading a victim to open a specially-crafted YAML content...

9.8CVSS9.4AI score0.99615EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/15 1:21 p.m.54 views

Security Bulletin: IBM Observability with Instana for Synthetic PoP is affected by Multiple Security Vulnerabilities

Summary Multiple vulnerabilities were addressed in IBM Observability with Instana for Synthetic PoP build 268 Vulnerability Details CVEID:CVE-2023-22041 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a local attacker to cause high confidentiality...

9.8CVSS8.1AI score0.01613EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/08 5:28 a.m.35 views

Security Bulletin: IBM Instana Observability is affected by Vulnerabilities in Postgresql JDBC

Summary Vulnerabilities in Postgresql JDBC were remediated in IBM Observability with Instana build 267. Vulnerability Details CVEID:CVE-2022-41946 DESCRIPTION: Postgresql JDBC could allow a local authenticated attacker to obtain sensitive information, caused by not limit access to created readabl...

5.5CVSS5.4AI score0.0048EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/16 8:48 a.m.41 views

Security Bulletin: IBM Observability with Instana is affected by Multiple Security Vulnerabilities

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana build 265 Vulnerability Details CVEID:CVE-2023-34062 DESCRIPTION: VMware Tanzu Reactor Netty could allow a remote attacker to traverse directories on the system, caused by improper validation of user request. An...

7.5CVSS8.3AI score0.01219EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/05 3:9 p.m.19 views

Security Bulletin: IBM Observability with Instana is affected by Multiple Security Vulnerabilities

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana build 265. Vulnerability Details CVEID:CVE-2023-20861 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service. By sending a specially crafted SpEL expression, a remote attacker could exploit...

7.5CVSS8.5AI score0.01707EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/05 4:46 a.m.26 views

Security Bulletin: IBM Instana Observability is affected by Vulnerabilities in Apache RocketMQ

Summary Vulnerabilities in Apache RocketMQ were remediated in IBM Observability with Instana build 255. Vulnerability Details CVEID:CVE-2023-33246 DESCRIPTION: Apache RocketMQ could allow a remote attacker to execute arbitrary commands on the system, caused by a flaw when using the update...

9.8CVSS9.9AI score0.96604EPSS
Exploits11Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/01 6:10 a.m.36 views

Security Bulletin: IBM Observability with Instana is affected by Multiple Security Vulnerabilities

Summary Multiple vulnerabilities were addressed in IBM Observability with Instana in build 261 Vulnerability Details CVEID:CVE-2022-41881 DESCRIPTION: Netty is vulnerable to a denial of service, caused by a StackOverflowError in HAProxyMessageDecoder. By sending a specially-crafted message, a...

7.5CVSS10AI score0.12945EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/29 7:2 a.m.33 views

Security Bulletin: IBM Instana Observability is affected by Vulnerabilities in Golang GO and VMware Tanzu Spring Framework

Summary Vulnerabilities in GolangGo and VMware Tanzu Spring Framework were remediated in IBM Observability with Instana build 261. Vulnerability Details CVEID:CVE-2023-29405 DESCRIPTION: Golang Go could allow a remote attacker to execute arbitrary code on the system, caused by a flaw when running...

9.8CVSS9.5AI score0.03514EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/17 3:30 p.m.44 views

Security Bulletin: Remote code execution / denial of service attack is possible in IBM Observability with Instana (Self-hosted on Docker) due to use of Apache Kafka

Summary Apache Kafka is used by IBM Observability with Instana Self-hosted on Docker as part of it's container images. CVE-2023-25194 Vulnerability Details CVEID:CVE-2023-25194 DESCRIPTION: Apache Kafka could allow a remote authenticated attacker to execute arbitrary code on the system, caused by...

8.8CVSS9AI score0.95302EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/17 2:45 p.m.37 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Observability with Instana (Agent container image)

Summary OpenSSL is used by IBM Observability with Instana Self-hosted on Docker as part of it's container images. CVE-2023-0286, CVE-2022-4304, CVE-2023-0215, CVE-2022-4450, CVE-2022-4203, CVE-2023-0216, CVE-2023-0217, CVE-2023-0401 Vulnerability Details CVEID:CVE-2023-0286 DESCRIPTION: OpenSSL i...

7.5CVSS8AI score0.59501EPSS
Exploits0Affected Software1
NVD
NVD
added 2023/10/04 2:15 a.m.16 views

CVE-2023-37404

IBM Observability with Instana 1.0.243 through 1.0.254 could allow an attacker on the network to execute arbitrary code on the host after a successful DNS poisoning attack. IBM X-Force ID: 259789...

9.8CVSS8.1AI score0.00782EPSS
Exploits0References2
OSV
OSV
added 2023/10/04 2:15 a.m.1 views

CVE-2023-37404

IBM Observability with Instana 1.0.243 through 1.0.254 could allow an attacker on the network to execute arbitrary code on the host after a successful DNS poisoning attack. IBM X-Force ID: 259789...

9.8CVSS6.1AI score0.00782EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/10/03 12:0 a.m.4 views

PT-2023-25946 · Ibm · Ibm Observability With Instana

Name of the Vulnerable Software and Affected Versions: IBM Observability with Instana versions 1.0.243 through 1.0.254 Description: The issue allows an attacker on the network to execute arbitrary code on the host after a successful DNS poisoning attack. Recommendations: For versions 1.0.243...

9.8CVSS9.6AI score0.00782EPSS
Exploits0References7
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/26 4:24 p.m.66 views

Security Bulletin: Docker based datastores for IBM Instana do not currently require authentication

Summary Docker based datastores for IBM Instana do not currently require authentication. Due to this, an attacker with network or system access to the datastores could interrogate the datastores with read/write privileges CVE-2023-27290. Vulnerability Details CVEID:CVE-2023-27290 DESCRIPTION:...

9.1CVSS9.1AI score0.08573EPSS
Exploits3Affected Software1
Rows per page
Query Builder