SB2024021635 - Multiple vulnerabilities in IBM Observability with Instana (OnPrem)

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2024021635

SB2024021635 - Multiple vulnerabilities in IBM Observability with Instana (OnPrem)

Published: February 16, 2024

Security Bulletin ID SB2024021635
Severity
Medium
Patch available
YES
Number of vulnerabilities 6
Exploitation vector Remote access
Highest impact Information disclosure

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 6 secuirty vulnerabilities.


1) Path traversal (CVE-ID: CVE-2023-34062)

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.

Successful exploitation of the vulnerability requires that Reactor Netty HTTP Server is configured to serve static resources.


2) Input validation error (CVE-ID: CVE-2023-34054)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send specially crafted HTTP requests to the application and perform a denial of service (DoS) attack.


3) Improper Certificate Validation (CVE-ID: CVE-2023-4586)

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to the Hot Rod client does not enable hostname validation when using TLS. A remote attacker can perform MitM attack.


4) Input validation error (CVE-ID: CVE-2023-34055)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in Web Observations. A remote attacker can send specially crafted HTTP requests to the application and perform a denial of service (DoS) attack.

Successful exploitation of the vulnerability requires that application is using Spring MVC or Spring WebFlux and that org.springframework.boot:spring-boot-actuator is on the classpath.


5) Improper input validation (CVE-ID: CVE-2024-20918)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.


6) Input validation error (CVE-ID: CVE-2023-34053)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in Web Observations. A remote attacker can send specially crafted HTTP requests to the application and perform a denial of service (DoS) attack.


Remediation

Install update from vendor's website.

References