Arbitrary code execution vulnerability on IBM Instana Observability (CVE-2023-39410)

Advisory No: TZCERT/SA/2024/07/04-2

Date of First Release: 4th July 2024

Source: IBM

Software Affected: IBM Observability with Instana (OnPrem)

Overview:

IBM Observability with Instana (OnPrem) is affected by a critical vulnerability. Attackers can leverage the vulnerability to take control of the affected system.

Description:

IBM Observability with Instana (OnPrem) is affected by a vulnerability tracked as CVE-2023-39410, with a CVSS score of 9.8. The flaw stems from unsafe deserialization in the Apache Avro Java SDK and could allow a remote authenticated attacker to execute arbitrary code on the system.

Impact:

Successful exploitation of this vulnerability may allow an attacker to take control of the affected system or cause a denial-of-service condition.

Solution:

IBM has released a security patch for this vulnerability. Users and administrators are encouraged to apply the necessary updates.

References:

  1. https://www.ibm.com/support/pages/node/7159660
