CVE-2023-27290

high-risk
Published 2023-03-03

Docker based datastores for IBM Instana (IBM Observability with Instana 239-0 through 239-2, 241-0 through 241-2, and 243-0) do not currently require authentication. Due to this, an attacker within the network could access the datastores with read/write access. IBM X-Force ID: 248737.

Do I need to act?

!
16.5% chance of exploitation in next 30 days
EPSS score — higher than 84% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
51314
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.1/10 Critical
NETWORK / LOW complexity

Affected Products (2)

Affected Vendors

Ibm

References (6)

http://packetstormsecurity.com/files/171770/IBM-Instana-243-0-Missing-Authentica...
VDB Entry https://exchange.xforce.ibmcloud.com/vulnerabilities/248737
Vendor Advisory https://www.ibm.com/support/pages/node/6959969
http://packetstormsecurity.com/files/171770/IBM-Instana-243-0-Missing-Authentica...
VDB Entry https://exchange.xforce.ibmcloud.com/vulnerabilities/248737
Vendor Advisory https://www.ibm.com/support/pages/node/6959969
51
/ 100
high-risk
Severity 31/34 · Critical
Exploitability 13/34 · Low
Exposure 7/34 · Low