31 matches found
Security Bulletin: IBM Instana Observability has addressed Multiple Vulnerabilities within Instana Agent container image
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 1.0.313 Vulnerability Details CVEID:CVE-2025-5318 DESCRIPTION: A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered ...
Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 1.0.300 Vulnerability Details CVEID:CVE-2024-52533 DESCRIPTION: gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow becau...
Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 1.0.299 Vulnerability Details CVEID:CVE-2025-4330 DESCRIPTION: Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination...
Security Bulletin: IBM Observability with Instana (OnPrem) is affected by multiple security vulnerabilities
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana OnPrem build 1.0.299 Vulnerability Details CVEID:CVE-2025-47436 DESCRIPTION: Heap-based Buffer Overflow vulnerability in Apache ORC. A vulnerability has been identified in the ORC C++ LZO decompression logic, where...
Security Bulletin: IBM Observability with Instana is vulnerable to Path Traversal in python
Summary python is used by IBM Instana Observability as part of the instana-agent CVE-2025-4517. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2025-4517 DESCRIPTION: Allows arbitrary filesystem writes outside the extraction directory durin...
CVE-2023-27290
Docker based datastores for IBM Instana IBM Observability with Instana 239-0 through 239-2, 241-0 through 241-2, and 243-0 do not currently require authentication. Due to this, an attacker within the network could access the datastores with read/write access. IBM X-Force ID: 248737...
Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 1.0.295 Vulnerability Details CVEID:CVE-2025-0395 DESCRIPTION: When the assert function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space...
Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 1.0.294 Vulnerability Details CVEID:CVE-2024-45338 DESCRIPTION: An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to...
Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 290 Vulnerability Details CVEID:CVE-2024-38820 DESCRIPTION: VMware Tanzu Spring Framework could provide weaker than expected security, caused by a flaw related to...
Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 292 Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The...
Security Bulletin: Due to use of go-git, IBM Instana Observability is vulnerable to a denial of service and argument injection vulnerability.
Summary go-git is used by IBM Instana Observability CVE-2025-21613, CVE-2025-21614 Vulnerability Details CVEID:CVE-2025-21613 DESCRIPTION: go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to...
Security Bulletin: IBM Observability with Instana is vulnerable to Authorization bypass in golang.org/x/crypto
Summary golang.org/x/crypto is used by IBM Instana Observability as part of the instana-agent-operator CVE-2024-45337. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-45337 DESCRIPTION: Applications and libraries which misuse...
Security Bulletin: IBM Instana Observability is vulnerable to Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses in net/netip
Summary A vulnerability that could cause unexpected behavior from Is methods for IPv4-mapped IPv6 addresses in net/netip was remediated in IBM Observability with Instana Build 289 CVE-2024-24790. The various Is methods IsPrivate, IsLoopback, etc did not work as expected for IPv4-mapped IPv6...
Security Bulletin: IBM Instana Observability is vulnerable to AuthZ Plugin Bypass and Privilege Escalation
Summary Vulnerability in Docker Engine that could allow attackers to bypass authorization plugins AuthZ was remediated in IBM Observability with Instana Build 279. CVE-2024-41110 Vulnerability Details CVEID:CVE-2024-41110 DESCRIPTION: Moby is an open-source project created by Docker for software...
Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 287 Vulnerability Details CVEID:CVE-2024-47535 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high...
Security Bulletin: IBM Instana Observability is vulnerable to SQL injection due to PostgreSQL driver and toolkit for Go, known as pgx.
Summary PostgreSQL driver and toolkit for Go, known as pgx is used by IBM Instana Observability Using third-party datastore Operators as part of the postgres operator CVE-2024-27304. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-2730...
Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 277. Vulnerability Details CVEID:CVE-2023-47038 DESCRIPTION: Perl is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the user-defined...
Security Bulletin: IBM Instana Observability is vulnerable to SQL injection due to PostgreSQL driver and toolkit for Go, known as pgx.
Summary PostgreSQL driver and toolkit for Go, known as pgx is used by IBM Instana Observability Using third-party datastore Operators as part of the postgres operator CVE-2024-27304. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-2730...
Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 275. Vulnerability Details CVEID:CVE-2023-3978 DESCRIPTION: Golang html package is vulnerable to cross-site scripting, caused by improper validation of user-supplied input...
Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 273. Vulnerability Details CVEID:CVE-2024-29857 DESCRIPTION: The Bouncy Castle Crypto Package For Java is vulnerable to a denial of service, caused by improper input...