CVE-2023-27290

IBM Observability with Instana missing authentication

CVSS 9.1 CRITICALEPSS 8.6%CWE-306

Docker based datastores for IBM Instana (IBM Observability with Instana 239-0 through 239-2, 241-0 through 241-2, and 243-0) do not currently require authentication. Due to this, an attacker within the network could access the datastores with read/write access. IBM X-Force ID: 248737.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected products

IBM · Observability with Instana

public PoCs found — 2

cve_referencepacketstormsecurity.com/files/171770/IBM-Instana-243-0-Missing-Authentication.htmlunverified exploitdbwww.exploit-db.com/exploits/51314unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://packetstormsecurity.com/files/171770/IBM-Instana-243-0-Missing-Authentication.html https://exchange.xforce.ibmcloud.com/vulnerabilities/248737 https://www.ibm.com/support/pages/node/6959969