Vulnerability Details CVE-2023-27290
Docker based datastores for IBM Instana (IBM Observability with Instana 239-0 through 239-2, 241-0 through 241-2, and 243-0) do not currently require authentication. Due to this, an attacker within the network could access the datastores with read/write access. IBM X-Force ID: 248737.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.042
EPSS Ranking 88.2%
CVSS Severity
CVSS v3 Score 9.1
References
- http://packetstormsecurity.com/files/171770/IBM-Instana-243-0-Missing-Authentication.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/248737
- https://www.ibm.com/support/pages/node/6959969
- http://packetstormsecurity.com/files/171770/IBM-Instana-243-0-Missing-Authentication.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/248737
- https://www.ibm.com/support/pages/node/6959969
Products affected by CVE-2023-27290
-
cpe:2.3:a:ibm:observability_with_instana:239-0
-
cpe:2.3:a:ibm:observability_with_instana:239-2
-
cpe:2.3:a:ibm:observability_with_instana:241-0
-
cpe:2.3:a:ibm:observability_with_instana:241-2
-
cpe:2.3:a:ibm:observability_with_instana:243-0