IBM Observability with Instana code execution
CVE-2023-37404

6.4MEDIUM

Key Information:

Vendor: IBM
Status: Observability With Instana
Vendor: CVE Published:; 4 October 2023

What is CVE-2023-37404?

IBM Observability with Instana 1.0.243 through 1.0.254 could allow an attacker on the network to execute arbitrary code on the host after a successful DNS poisoning attack. IBM X-Force ID: 259789.

Affected Version(s)

Observability with Instana 1.0.243 <= 1.0.254

References

https://www.ibm.com/support/pages/node/7041863

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/259789

vdb-entry

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 4, 2023
Vulnerability Reserved
Jul 5, 2023