Severity
High
Analysis Summary
CVE-2023-27290
Docker based datastores for IBM Instana (IBM Observability with Instana 239-0 through 239-2, 241-0 through 241-2, and 243-0) do not currently require authentication. Due to this, an attacker within the network could access the datastores with read/write access.
Impact
- Data Manipulation
Indicators Of Compromise
CVE
- CVE-2023-27290
Affected Vendors
IBM
Affected Products
- IBM Observability with Instana 241-2
- IBM Observability with Instana 241-0
- IBM Observability with Instana 239-0
- IBM Observability with Instana 239-2
Remediation
Refer to the appropriate IBM Security Bulletin for patch, upgrade or suggested workaround information.