CVE-2023-27290

Name of the Vulnerable Software and Affected Versions IBM Instana (IBM Observability with Instana) versions 239-0 through 239-2 IBM Instana (IBM Observability with Instana) versions 241-0 through 241-2 IBM Instana (IBM Observability with Instana) version 243-0

Description The issue is related to Docker-based datastores for IBM Instana, which do not require authentication, allowing an attacker within the network to access the datastores with read/write access. This could enable a remote attacker to read or modify data.

Recommendations For IBM Instana (IBM Observability with Instana) versions 239-0 through 239-2, consider implementing authentication for Docker-based datastores to restrict access. For IBM Instana (IBM Observability with Instana) versions 241-0 through 241-2, consider implementing authentication for Docker-based datastores to restrict access. For IBM Instana (IBM Observability with Instana) version 243-0, consider implementing authentication for Docker-based datastores to restrict access. As a temporary workaround, consider restricting access to the Docker-based datastores to minimize the risk of exploitation.