As an additional safety measure for wrongly configured firewalls, Kafka, Clickhouse, and Cassandra are now configured such that clients can only connect from localhost. The other databases have already been configured this way.
We have released the following security bulletin for this issue https://www.ibm.com/support/pages/node/6959969 IBM strongly recommends addressing the vulnerability now by upgrading to 243, 241-3 or 239-3
Use your appropriate package manager command to update to a desired package version of Instana console. See the following example for Ubuntu: To get the latest version, run the command as follows: sudo apt-get install instana-console To grab a specific version, run the command as follows: sudo apt-get install instana-console=241-3
Posted Mar 06, 2023 - 21:35 UTC
Identified
Docker-based datastores for IBM Instana do not currently require authentication Due to this, an attacker within the network could access the data stores with read/write access (CVE-2023-27290).