Lucene search
K

31 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/03/03 1:53 p.m.17 views

Security Bulletin: IBM Instana Observability has addressed Multiple Vulnerabilities within Instana Agent container image

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 1.0.313 Vulnerability Details CVEID:CVE-2025-5318 DESCRIPTION: A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered ...

8.6CVSS6AI score0.02394EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/07 8:11 a.m.17 views

Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 1.0.300 Vulnerability Details CVEID:CVE-2024-52533 DESCRIPTION: gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow becau...

9.8CVSS9AI score0.01479EPSS
Exploits13Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/31 2:24 p.m.18 views

Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 1.0.299 Vulnerability Details CVEID:CVE-2025-4330 DESCRIPTION: Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination...

8.7CVSS8.3AI score0.35963EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/31 2:17 p.m.7 views

Security Bulletin: IBM Observability with Instana (OnPrem) is affected by multiple security vulnerabilities

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana OnPrem build 1.0.299 Vulnerability Details CVEID:CVE-2025-47436 DESCRIPTION: Heap-based Buffer Overflow vulnerability in Apache ORC. A vulnerability has been identified in the ORC C++ LZO decompression logic, where...

9.8CVSS9.2AI score0.01952EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/31 2:16 p.m.9 views

Security Bulletin: IBM Observability with Instana is vulnerable to Path Traversal in python

Summary python is used by IBM Instana Observability as part of the instana-agent CVE-2025-4517. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2025-4517 DESCRIPTION: Allows arbitrary filesystem writes outside the extraction directory durin...

9.4CVSS7.1AI score0.01184EPSS
Exploits11Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 2:27 a.m.3 views

CVE-2023-27290

Docker based datastores for IBM Instana IBM Observability with Instana 239-0 through 239-2, 241-0 through 241-2, and 243-0 do not currently require authentication. Due to this, an attacker within the network could access the datastores with read/write access. IBM X-Force ID: 248737...

9.1CVSS6.5AI score0.08573EPSS
Exploits3References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/20 2:32 p.m.14 views

Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 1.0.295 Vulnerability Details CVEID:CVE-2025-0395 DESCRIPTION: When the assert function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space...

7.5CVSS8AI score0.01569EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/28 7:52 p.m.20 views

Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 1.0.294 Vulnerability Details CVEID:CVE-2024-45338 DESCRIPTION: An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to...

9.8CVSS10AI score0.04488EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 3:59 a.m.24 views

Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 290 Vulnerability Details CVEID:CVE-2024-38820 DESCRIPTION: VMware Tanzu Spring Framework could provide weaker than expected security, caused by a flaw related to...

7.8CVSS7.6AI score0.03009EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/09 1:14 p.m.10 views

Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 292 Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The...

5.8CVSS7.1AI score0.10608EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/04 5:22 a.m.17 views

Security Bulletin: Due to use of go-git, IBM Instana Observability is vulnerable to a denial of service and argument injection vulnerability.

Summary go-git is used by IBM Instana Observability CVE-2025-21613, CVE-2025-21614 Vulnerability Details CVEID:CVE-2025-21613 DESCRIPTION: go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to...

9.8CVSS8.5AI score0.01261EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/27 6:7 a.m.8 views

Security Bulletin: IBM Observability with Instana is vulnerable to Authorization bypass in golang.org/x/crypto

Summary golang.org/x/crypto is used by IBM Instana Observability as part of the instana-agent-operator CVE-2024-45337. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-45337 DESCRIPTION: Applications and libraries which misuse...

9.1CVSS9.6AI score0.03153EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/05 9:4 a.m.12 views

Security Bulletin: IBM Instana Observability is vulnerable to Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses in net/netip

Summary A vulnerability that could cause unexpected behavior from Is methods for IPv4-mapped IPv6 addresses in net/netip was remediated in IBM Observability with Instana Build 289 CVE-2024-24790. The various Is methods IsPrivate, IsLoopback, etc did not work as expected for IPv4-mapped IPv6...

9.8CVSS8.7AI score0.01952EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/04 6:3 p.m.39 views

Security Bulletin: IBM Instana Observability is vulnerable to AuthZ Plugin Bypass and Privilege Escalation

Summary Vulnerability in Docker Engine that could allow attackers to bypass authorization plugins AuthZ was remediated in IBM Observability with Instana Build 279. CVE-2024-41110 Vulnerability Details CVEID:CVE-2024-41110 DESCRIPTION: Moby is an open-source project created by Docker for software...

9.9CVSS9.9AI score0.16496EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/17 9:14 a.m.53 views

Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 287 Vulnerability Details CVEID:CVE-2024-47535 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high...

8.7CVSS7.7AI score0.02772EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/30 9:3 a.m.49 views

Security Bulletin: IBM Instana Observability is vulnerable to SQL injection due to PostgreSQL driver and toolkit for Go, known as pgx.

Summary PostgreSQL driver and toolkit for Go, known as pgx is used by IBM Instana Observability Using third-party datastore Operators as part of the postgres operator CVE-2024-27304. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-2730...

9.8CVSS10AI score0.01109EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/18 11:16 a.m.37 views

Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 277. Vulnerability Details CVEID:CVE-2023-47038 DESCRIPTION: Perl is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the user-defined...

7.8CVSS8.6AI score0.03028EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/27 7:46 a.m.42 views

Security Bulletin: IBM Instana Observability is vulnerable to SQL injection due to PostgreSQL driver and toolkit for Go, known as pgx.

Summary PostgreSQL driver and toolkit for Go, known as pgx is used by IBM Instana Observability Using third-party datastore Operators as part of the postgres operator CVE-2024-27304. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-2730...

9.8CVSS9.9AI score0.01109EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/25 10:55 a.m.46 views

Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 275. Vulnerability Details CVEID:CVE-2023-3978 DESCRIPTION: Golang html package is vulnerable to cross-site scripting, caused by improper validation of user-supplied input...

7.5CVSS8.4AI score0.99999EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/30 11:26 a.m.51 views

Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 273. Vulnerability Details CVEID:CVE-2024-29857 DESCRIPTION: The Bouncy Castle Crypto Package For Java is vulnerable to a denial of service, caused by improper input...

7.5CVSS7.6AI score0.011EPSS
Exploits0Affected Software1
Rows per page
Query Builder