Multiple vulnerabilities in IBM Observability with Instana
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2024-45337 CVE-2024-3596 |
| CWE-ID | CWE-285 CWE-327 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #2 is available. |
| Vulnerable software |
IBM Observability with Instana Server applications / Other server solutions |
| Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Improper authorization
EUVDB-ID: #VU101777
Risk: Medium
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2024-45337
CWE-ID:
CWE-285 - Improper Authorization
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to gain unauthorized access to the application.
The vulnerability exists due to improper authorization caused by improper usage of the ServerConfig.PublicKeyCallback callback. A remote attacker can bypass authorization in certain cases and gain access to the application.
Install update from vendor's website.
Vulnerable software versionsIBM Observability with Instana: 287 - 290
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_observability_with_instana:287:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_observability_with_instana:288:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_observability_with_instana:289:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7186046
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) Use of a broken or risky cryptographic algorithm
EUVDB-ID: #VU94063
Risk: Medium
CVSSv4.0: 6.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2024-3596
CWE-ID:
CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to use of a broken or risky cryptographic algorithm in RADIUS Protocol. A remote user can perform a man-in-the-middle (MitM) attack and gain access to target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Observability with Instana: 287 - 290
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_observability_with_instana:287:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_observability_with_instana:288:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_observability_with_instana:289:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7186046
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
