Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 1.0.298 Vulnerability Details CVEID:CVE-2025-27817 DESCRIPTION: A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache...
Moderate: Red Hat Security Advisory: Network Observability 1.9.0 for OpenShift
Network Observability 1.9 for Red Hat OpenShift. Network flows collector and monitoring solution...
Perry: a High-Level Framework for Accelerating Cyber Deception Experimentation
Cyber deception aims to distract, delay, and detect network attackers with fake assets such as honeypots, decoy credentials, or decoy files. However, today, it is difficult for operators to experiment, explore, and evaluate deception approaches. Existing tools and platforms have non-portable and...
A Bootiful Podcast: Micrometer.io lead Tommy Ludwig on the latest-and-greatest in observability for the Spring developer
Hi, Spring fans! In this episode, I talk to Micrometer.io lead Tommy Ludwig on the latest-and-greatest in observability for the Spring developer...
TencentOS Server 3: grafana (TSSA-2022:0233)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0233 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
CVE-2025-2843
A flaw was found in the Observability Operator. The Operator creates a ServiceAccount with ClusterRole upon deployment of the Namespace-Scoped Custom Resource MonitorStack. This issue allows an adversarial Kubernetes Account with only namespaced-level roles, for example, a tenant controlling a...
Incorrect Privilege Assignment
Overview Affected versions of this package are vulnerable to Incorrect Privilege Assignment due to the creation of a ServiceAccount with cluster-level privileges during deployment of a namespace-scoped custom resource. An attacker can gain elevated cluster-wide permissions by impersonating the...
CVE-2025-26395
SolarWinds Observability Self-Hosted was susceptible to a cross-site scripting (XSS) vulnerability due to an unsanitized field in the URL. The attack requires authentication using an administrator-level account and user interaction is required...
CVE-2025-26394
SolarWinds Observability Self-Hosted is susceptible to an open redirection vulnerability. The URL is not properly sanitized, and an attacker could manipulate the string to redirect a user to a malicious site. The attack complexity is high, and authentication is required...
observability Operator Security Vulnerability
observability Operator is a Red Hat Observability open source software for creating required monitoring stacks on Kubernetes clusters. A security vulnerability exists in observability Operator that stems from the creation of a ServiceAccount with a ClusterRole, which could lead to elevated...
CVE-2025-26395
CVE-2025-26395 concerns SolarWinds Observability Self-Hosted, where an XSS vulnerability arises from an unsanitized URL field. The attack requires an administrator-level account and user interaction. Affected component details (version ranges, specific modules) and exact root cause are not explic...
CVE-2025-26394
CVE-2025-26394 affects SolarWinds Observability Self-Hosted and is an open redirection vulnerability caused by insufficient URL sanitization. The core issue is improper URL cleanup that could redirect users to a malicious site. The CVE entry lists CVSS v3.1 base score 4.8 (Medium) with adjacent a...
SolarWinds Observability Self-Hosted Cross-Site Scripting Vulnerability
SolarWinds Observability Self-Hosted is an observation platform from SolarWinds, Inc. A cross-site scripting vulnerability exists in SolarWinds Observability Self-Hosted that stems from insufficient URL field cleanup and could lead to a cross-site scripting attack...
SolarWinds Observability Self-Hosted Input Validation Error Vulnerability
SolarWinds Observability Self-Hosted is an observation platform from SolarWinds USA. SolarWinds Observability Self-Hosted suffers from an input validation error vulnerability that stems from improper URL cleanup, which could lead to an open redirection attack...
PT-2025-24667 · Solarwinds · Solarwinds Observability Self-Hosted
Name of the Vulnerable Software and Affected Versions: SolarWinds Observability Self-Hosted affected versions not specified Description: The issue is related to a cross-site scripting (XSS) vulnerability due to an unsanitized field in the URL. The attack requires authentication using an...
PT-2025-24666 · Solarwinds · Solarwinds Observability Self-Hosted
Name of the Vulnerable Software and Affected Versions: SolarWinds Observability Self-Hosted affected versions not specified Description: The issue concerns an open redirection vulnerability where the URL is not properly sanitized. This could allow an attacker to manipulate the string and redirect...
Security Bulletin: IBM Observability with Instana (OnPrem) is affected by multiple security vulnerabilities
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana OnPrem build 1.0.297 Vulnerability Details CVEID:CVE-2023-6918 DESCRIPTION: A flaw was found in the libssh implements abstract layer for message digest MD operations implemented by different supported crypto...
Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 1.0.297 Vulnerability Details CVEID:CVE-2025-22233 DESCRIPTION: CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields...
Security Bulletin: IBM Observability with Instana for Synthetic PoP is affected by multiple critical security vulnerabilities
Summary Multiple critical vulnerabilities were addressed in IBM Observability with Instana for Synthetic PoP build 1.0.296 CVE-2025-32911, CVE-2025-24264 Vulnerability Details CVEID:CVE-2025-32911 DESCRIPTION: A use-after-free type vulnerability was found in libsoup, in the...