607 matches found
Elastic Kibana Resource Management Error Vulnerability
Elastic Kibana is data visualization dashboard software from Elastic, Inc. A resource management error vulnerability exists in Elastic Kibana versions 7.17.0 through 7.17.22 and 8.0.0 through 8.15.0, which stems from a flaw in the handling of ad-hoc requests to the Observability API...
PT-2025-15466 · Elastic · Kibana
Name of the Vulnerable Software and Affected Versions: Kibana (affected versions not specified). Description: A specially crafted request sent to an Observability API could cause the Kibana server to crash. A successful attack requires a malicious user to have read permissions for Observability...
Security Bulletin: IBM Observability with Instana (OnPrem) is affected by multiple security vulnerabilities
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana OnPrem build 1.0.291 Vulnerability Details CVEID:CVE-2021-20293 DESCRIPTION: RESTEasy is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit thi...
Security Bulletin: IBM Observability with Instana for Self-Hosted Standard Edition is affected by multiple Vulnerabilities
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana for Self-Hosted Standard Edition 291 CVE-2024-45337, CVE-2024-41110, CVE-2024-3596 Vulnerability Details CVEID:CVE-2024-45337 DESCRIPTION: Applications and libraries which misuse connection.serverAuthenticate via...
Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 291 Vulnerability Details CVEID:CVE-2025-25193 DESCRIPTION: Netty, an asynchronous, event-driven network application framework, has a vulnerability in versions up to and...
A Bootiful Podcast: Jonatan Ivanov, observability legend on the Micrometer team
Hi, Spring fans! In this installment we talk to one of the Willy Wonkas of observability, the amazing Jonatan Ivanov! This episode was recorded at ConFoo 2025...
Security Bulletin: Due to use of go-git, IBM Instana Observability is vulnerable to a denial of service and argument injection vulnerability.
Summary go-git is used by IBM Instana Observability CVE-2025-21613, CVE-2025-21614 Vulnerability Details CVEID:CVE-2025-21613 DESCRIPTION: go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to...
Important: Red Hat Security Advisory: Cluster Observability Operator 1.0.0
The Cluster Observability Operator (COO) is a Red Hat OpenShift Container Platform Operator that you can deploy to manage observability component stacks by using custom resource descriptions (CRDs). With this release, COO gets to GA availability...
CVE-2023-3010
Grafana is an open-source platform for monitoring and observability. The WorldMap panel plugin, versions before 1.0.4 contains a DOM XSS vulnerability...
Security Bulletin: IBM Instana Observability is vulnerable to AuthZ Plugin Bypass and Privilege Escalation
Summary Vulnerability in Docker Engine that could allow attackers to bypass authorization plugins (AuthZ) was remediated in IBM Observability with Instana Build 279. CVE-2024-41110 Vulnerability Details CVEID:CVE-2024-41110 DESCRIPTION: Moby is an open-source project created by Docker for software...
Security Bulletin: Psf Requests Vulnerability Affects IBM Data Observability by Databand Self-Hosted (CVE-2024-35195)
Summary A vulnerability in Psf Requests was addressed in IBM Data Observability by Databand Self-Hosted Vulnerability Details CVEID:CVE-2024-35195 DESCRIPTION: Psf Requests could allow a local authenticated attacker to bypass security restrictions, caused by an incorrect control flow implementati...
Security Bulletin: sqlparse Vulnerability Affects IBM Data Observability by Databand Self-Hosted (CVE-2024-4340)
Summary A vulnerability in sqlparse was addressed in IBM Data Observability by Databand Self-Hosted Vulnerability Details CVEID:CVE-2024-4340 DESCRIPTION: sqlparse is vulnerable to a denial of service, caused by a flaw when passing a heavily nested list to the parse function. By sending a special...
Security Bulletin: cryptography-42.0.7-cp39-abi3-manylinux_2_28_x86_64.whl Vulnerability Affects IBM Data Observability by Databand (CVE-2024-6119)
Summary A vulnerability in cryptography-42.0.7-cp39-abi3-manylinux_2_28_x86_64.whl was addressed in IBM Data Observability by Databand Vulnerability Details CVEID:CVE-2024-6119 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error when performing certificate name checks e.g.,...
Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 288 Vulnerability Details CVEID:CVE-2024-12798 DESCRIPTION: ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core up to and including version 0.1 to 1.3.14 and 1.4.0...
CVE-2024-52972
An allocation of resources without limits or throttling in Kibana can lead to a crash caused by a specially crafted request to /api/metrics/snapshot. This can be carried out by users with read access to the Observability Metrics or Logs features in Kibana...
CVE-2024-52972 Kibana allocation of resources without limits or throttling leads to crash
An allocation of resources without limits or throttling in Kibana can lead to a crash caused by a specially crafted request to /api/metrics/snapshot. This can be carried out by users with read access to the Observability Metrics or Logs features in Kibana...
CVE-2024-52973
An allocation of resources without limits or throttling in Kibana can lead to a crash caused by a specially crafted request to /api/logentries/summary. This can be carried out by users with read access to the Observability-Logs feature in Kibana...
CVE-2024-52973 Kibana allocation of resources without limits or throttling leads to crash
An allocation of resources without limits or throttling in Kibana can lead to a crash caused by a specially crafted request to /api/logentries/summary. This can be carried out by users with read access to the Observability-Logs feature in Kibana...