PT-2020-17329 · Instana · Instana Dynamic Apm

Published

2020-12-15

Updated

2020-12-17

CVE-2020-35463

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Instana Dynamic APM Docker image version 1.0.0

Description The issue is related to a blank password for the root user in the Instana Dynamic APM Docker image. This could allow a remote attacker to achieve root access with a blank password, potentially compromising systems deployed using affected versions of the container.

Recommendations For version 1.0.0, consider changing the root password to a secure value to prevent unauthorized access. As a temporary workaround, restrict access to the container to minimize the risk of exploitation.

Exploit

Fix

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

CVE-2020-35463

Affected Products

Instana Dynamic Apm

PT-2020-17329 · Instana · Instana Dynamic Apm

CVE-2020-35463

Weakness Enumeration

Related Identifiers

Affected Products

References · 5