{"id":2295,"date":"2025-04-29T22:33:00","date_gmt":"2025-04-29T22:33:00","guid":{"rendered":"http:\/\/localhost\/?p=2295"},"modified":"2025-04-29T22:33:00","modified_gmt":"2025-04-29T22:33:00","slug":"security-bulletin-ibm-observability-with-instana-onprem-is-affected-by-multiple-security-vulnerabili","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=2295","title":{"rendered":"Security Bulletin: IBM Observability with Instana (OnPrem) is affected by multiple security vulnerabilities"},"content":{"rendered":"
\n

Vulnerability Details<\/h2>\n
\n

Basic Information<\/h3>\n\n\n\n\n\n\n
Title<\/th>\nSecurity Bulletin: IBM Observability with Instana (OnPrem) is affected by multiple security vulnerabilities<\/td>\n<\/tr>\n
Type<\/th>\nibm<\/td>\n<\/tr>\n
Published<\/th>\n2025-04-29T19:38:50<\/td>\n<\/tr>\n
Last Seen<\/th>\n2025-04-30T02:59:08<\/td>\n<\/tr>\n
CVSS Score<\/th>\n9.8 (CRITICAL)<\/td>\n<\/tr>\n<\/table><\/div>\n
\n

CVSS v3 Details<\/h3>\n\n\n\n\n\n\n\n\n\n
Attack Vector<\/th>\nNETWORK<\/td>\n<\/tr>\n
Attack Complexity<\/th>\nLOW<\/td>\n<\/tr>\n
Privileges Required<\/th>\nNONE<\/td>\n<\/tr>\n
User Interaction<\/th>\nNONE<\/td>\n<\/tr>\n
Scope<\/th>\nUNCHANGED<\/td>\n<\/tr>\n
Confidentiality Impact<\/th>\nHIGH<\/td>\n<\/tr>\n
Integrity Impact<\/th>\nHIGH<\/td>\n<\/tr>\n
Availability Impact<\/th>\nHIGH<\/td>\n<\/tr>\n<\/table><\/div>\n
\n

CVE Information<\/h3>\n\n\n\n\n
CVE IDs<\/th>\nCVE-2023-5590, CVE-2024-11187, CVE-2024-38820, CVE-2024-53382, CVE-2024-54543, CVE-2024-7254, CVE-2024-9823, CVE-2025-1094, CVE-2025-24162, CVE-2025-25977, CVE-2025-26791, CVE-2025-27152, CVE-2025-29907<\/td>\n<\/tr>\n
CWE<\/th>\n<\/td>\n<\/tr>\n
Bulletin Family<\/th>\nsoftware<\/td>\n<\/tr>\n<\/table><\/div>\n
\n

Description<\/h3>\n
\n ## Summary<\/p>\n

Multiple vulnerabilities were remediated in IBM Observability with Instana (OnPrem) build 1.0.293<\/p>\n

## Vulnerability Details<\/p>\n

**CVEID:**CVE-2024-53382
\n**DESCRIPTION:** Prism (aka PrismJS) through 1.29.0 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML elements.
\n**CWE:**CWE-94: Improper Control of Generation of Code (‘Code Injection’)
\n**CVSS Source:** cve@mitre.org
\n**CVSS Base score:** 4.9
\n**CVSS Vector:**(CVSS:3.1\/AV:N\/AC:H\/PR:L\/UI:N\/S:C\/C:L\/I:L\/A:N) <\/p>\n

**CVEID:**CVE-2025-26791
\n**DESCRIPTION:** DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting (mXSS).
\n**CWE:**CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
\n**CVSS Source:** cve@mitre.org
\n**CVSS Base score:** 4.5
\n**CVSS Vector:**(CVSS:3.1\/AV:L\/AC:H\/PR:N\/UI:N\/S:C\/C:L\/I:L\/A:N) <\/p>\n

**CVEID:**CVE-2025-29907
\n**DESCRIPTION:** jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.1, user control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitised image urls to the addImage method, a user can provide a harmful data-url that results in high CPU utilization and denial of service. Other affected methods are html and addSvgAsImage. The vulnerability was fixed in jsPDF 3.0.1.
\n**CWE:**CWE-400: Uncontrolled Resource Consumption
\n**CVSS Source:** security-advisories@github.com
\n**CVSS Base score:** 8.7
\n**CVSS Vector:**(CVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:N\/UI:N\/VC:N\/VI:N\/VA:H\/SC:N\/SI:N\/SA:N\/E:X\/CR:X\/IR:X\/AR:X\/MAV:X\/MAC:X\/MAT:X\/MPR:X\/MUI:X\/MVC:X\/MVI:X\/MVA:X\/MSC:X\/MSI:X\/MSA:X\/S:X\/AU:X\/R:X\/V:X\/RE:X\/U:X) <\/p>\n

**CVEID:**CVE-2023-5590
\n**DESCRIPTION:** Selenium is vulnerable to a denial of service, caused by a NULL pointer dereference in the CookieWndProc function. A remote attacker could exploit this vulnerability to cause a denial of service.
\n**CWE:**CWE-476: NULL Pointer Dereference
\n**CVSS Source:** IBM X-Force
\n**CVSS Base score:** 7.5
\n**CVSS Vector:**(CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H) <\/p>\n

**CVEID:**CVE-2024-9823
\n**DESCRIPTION:** There exists a security vulnerability in Jetty’s DosFilter which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack on the server using DosFilter. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server’s memory finally.
\n**CWE:**CWE-400: Uncontrolled Resource Consumption
\n**CVSS Source:** GitHub
\n**CVSS Base score:** 5.3
\n**CVSS Vector:**(CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:L) <\/p>\n

**CVEID:**CVE-2025-27152
\n**DESCRIPTION:** axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if \u2060baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios. This issue is fixed in 1.8.2.
\n**CWE:**CWE-918: Server-Side Request Forgery (SSRF)
\n**CVSS Source:** IBM
\n**CVSS Base score:** 7.5
\n**CVSS Vector:**(CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:N\/A:N) <\/p>\n

**CVEID:**CVE-2025-25977
\n**DESCRIPTION:** An issue in canvg v.4.0.2 allows an attacker to execute arbitrary code via the Constructor of the class StyleElement.
\n**CWE:**CWE-1321: Improperly Controlled Modification of Object Prototype Attributes (‘Prototype Pollution’)
\n**CVSS Source:** CISA ADP
\n**CVSS Base score:** 9.8
\n**CVSS Vector:**(CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H) <\/p>\n

**CVEID:**CVE-2024-11187
\n**DESCRIPTION:** It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate resources processing the queries. Zones will usually need to have been deliberately crafted to attack this exposure. This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.32-S1.
\n**CWE:**CWE-405: Asymmetric Resource Consumption (Amplification)
\n**CVSS Source:** security-officer@isc.org
\n**CVSS Base score:** 7.5
\n**CVSS Vector:**(CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H) <\/p>\n

**CVEID:**CVE-2024-38820
\n**DESCRIPTION:** VMware Tanzu Spring Framework could provide weaker than expected security, caused by a flaw related to disallowedFields patterns in DataBinder is case insensitive. A remote attacker could exploit this vulnerability to launch further attacks on the system.
\n**CWE:**CWE-178: Improper Handling of Case Sensitivity
\n**CVSS Source:** IBM X-Force
\n**CVSS Base score:** 3.1
\n**CVSS Vector:**(CVSS:3.1\/AV:N\/AC:H\/PR:L\/UI:N\/S:U\/C:N\/I:L\/A:N) <\/p>\n

**CVEID:**CVE-2024-7254
\n**DESCRIPTION:** Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups \/ series of SGROUP tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser, or against Protobuf map fields, creates unbounded recursions that can be abused by an attacker.
\n**CWE:**CWE-20: Improper Input Validation
\n**CVSS Source:** cve-coordination@google.com
\n**CVSS Base score:** 8.7
\n**CVSS Vector:**(CVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:N\/UI:N\/VC:N\/VI:N\/VA:H\/SC:N\/SI:N\/SA:N\/E:X\/CR:X\/IR:X\/AR:X\/MAV:X\/MAC:X\/MAT:X\/MPR:X\/MUI:X\/MVC:X\/MVI:X\/MVA:X\/MSC:X\/MSI:X\/MSA:X\/S:X\/AU:X\/R:X\/V:X\/RE:X\/U:X) <\/p>\n

**CVEID:**CVE-2025-1094
\n**DESCRIPTION:** Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the function result to construct input to psql, the PostgreSQL interactive terminal. Similarly, improper neutralization of quoting syntax in PostgreSQL command line utility programs allows a source of command line arguments to achieve SQL injection when client_encoding is BIG5 and server_encoding is one of EUC_TW or MULE_INTERNAL. Versions before PostgreSQL 17.3, 16.7, 15.11, 14.16, and 13.19 are affected.
\n**CWE:**CWE-149: Improper Neutralization of Quoting Syntax
\n**CVSS Source:** NVD
\n**CVSS Base score:** 8.1
\n**CVSS Vector:**(CVSS:3.1\/AV:N\/AC:H\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H) <\/p>\n

**CVEID:**CVE-2024-54543
\n**DESCRIPTION:** The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.2, tvOS 18.2, Safari 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2. Processing maliciously crafted web content may lead to memory corruption.
\n**CWE:**CWE-787: Out-of-bounds Write
\n**CVSS Source:** NVD
\n**CVSS Base score:** 8.8
\n**CVSS Vector:**(CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:H\/I:H\/A:H) <\/p>\n

**CVEID:**CVE-2025-24162
\n**DESCRIPTION:** This issue was addressed through improved state management. This issue is fixed in visionOS 2.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing maliciously crafted web content may lead to an unexpected process crash.
\n**CWE:**CWE-125: Out-of-bounds Read
\n**CVSS Source:** NVD
\n**CVSS Base score:** 6.5
\n**CVSS Vector:**(CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:N\/I:N\/A:H)<\/p>\n

## Affected Products and Versions<\/p>\n

Affected Product(s)| Version(s)
\n—|—
\nIBM Observability with Instana (OnPrem)| Build 1.0.271 to 1.0.291 <\/p>\n

## Remediation\/Fixes<\/p>\n

IBM strongly recommends addressing these vulnerabilities now by updating IBM Observability with Instana (OnPrem) to the latest release as described here:
\nhttps:\/\/www.ibm.com\/docs\/en\/instana-observability\/1.0.293<\/p>\n

Affected Product(s)| Version(s)| Remediation\/Fixes\/Instructions
\n—|—|—
\nIBM Observability with Instana (OnPrem)| Build 1.0.271 to 1.0.291| Build 1.0.293 <\/p>\n

## Workarounds and Mitigations<\/p>\n

None<\/p>\n

##\n <\/p><\/div>\n<\/p><\/div>\n

\n

Impact Assessment<\/h3>\n\n\n\n
Base Score<\/th>\n9.8<\/td>\n<\/tr>\n
Severity<\/th>\nCRITICAL<\/td>\n<\/tr>\n<\/table><\/div>\n
\n

View full CVE details<\/a><\/p>\n<\/p><\/div>\n<\/div>\n