CVE-2023-27290

Summary

Docker based datastores for IBM Instana (IBM Observability with Instana 239-0 through 239-2, 241-0 through 241-2, and 243-0) do not currently require authentication. Due to this, an attacker within the network could access the datastores with read/write access. IBM X-Force ID: 248737.

Affected Software

VendorProductVersion RangeStatus
IBMObservability with Instana239-0 < 239-2affected
IBMObservability with Instana241-0 < 241-2affected
IBMObservability with Instana243-0affected

Weaknesses

  • CWE-306: CWE-306 Missing Authentication for Critical Function

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References