Arbitrary code execution vulnerability on IBM Instana Observability (CVE-2023-39410)

Published: Jul 04, 2024 17:04

Advisory No: TZCERT/SA/2024/07/04-2

Source: IBM

Software Affected: IBM Observability with Instana (OnPrem)

Overview

WordPress is vulnerable to four critical vulnerabilities. Attackers can leverage the vulnerability to take control of the affected system.

Description

IBM Observability with Instana (OnPrem) is affected by a vulnerability tracked as CVE-2023-39410 with a CVSS score of 9.8. The flaw is caused by unsafe deserialization in the Apache Avro Java SDK and could allow a remote authenticated attacker to execute arbitrary code on the system.

Impact

Successful exploitation of this vulnerability may allow an attacker to take control of the affected system or cause a denial-of-service condition.

Solution

IBM has released a security patch for this vulnerability. Users and administrators are encouraged to apply the necessary updates.
