IBM274B2DECA49D2ED58C7DB8F058BC8E71A9B83D89FBE0598D6EC79FB7C6FB0499Security Bulletin: A vulneraqbility in SQLite affects IBM Cloud Application Performance Managment R esponse Time Monitoring Agent (CVE-2019-8457)
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
Summary
SQLite is vulnerable to a denial of service, caused by a heap out-of-bound read in the rtreenode() function when handling invalid rtree tables. A remote attacker could exploit this vulnerability to cause the application to crash.
Vulnerability Details
CVEID: CVE-2019-8457 DESCRIPTION: SQLite is vulnerable to a denial of service, caused by a heap out-of-bound read in the rtreenode() function when handling invalid rtree tables. A remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/161901 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected Products and Versions
IBM Cloud Application Performance Management, Advanced Private V8.1.4
IBM Cloud Application Performance Management V8.1.4
IBM Performance Management V8.1.3
IBM Tivoli Composite Application Manager (ITCAM) for Transactions: Version 7.4.0.1
IBM Tivoli Composite Application Manager (ITCAM) for Transactions: Version 7.4.0.2
Remediation/Fixes
| Product | Product Version | APAR | Remediation / First Fix |
|---|---|---|---|
| IBM Cloud Application Performance Management - Response Time Monitoring Agent | 8.1.4 | If you use the Response Time Monitoring Agent, the vulnerabilities can be remediated by applying the Response Time Monitoring Agent 8.1.4.0-IBM-APM-RT-AGENT-IF0006 patch to all systems where this agent is installed: | |
| http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FIBM+Application+Performance+Management+Advanced&fixids=8.1.4.0-IBM-APM-RT-AGENT-IF0006&source=SAR | |||
| IBM Performance Management - Response Time Monitoring Agent | 8.1.3 | If you use the Response Time Monitoring Agent, the vulnerabilities can be remediated by applying the Response Time Monitoring Agent 8.1.3.0-IBM-IPM-RT-AGENT-IF0006 patch to all systems where this agent is installed: | |
| http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FIBM+Application+Performance+Management+Advanced&fixids=8.1.3.0-IBM-IPM-RT-AGENT-IF0006&source=SAR | |||
| IBM Tivoli Composite Application Manager for Transactions (Response Time) | 7.4.0.1 | 7.4.0.1-TIV-CAMRT-IF0038 | |
| http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FTivoli+Composite+Application+Manager+for+Transactions&fixids=7.4.0.1-TIV-CAMRT-IF0038&source=SAR | |||
| IBM Tivoli Composite Application Manager for Transactions (Response Time) | 7.4.0.2 | 7.4.0.2-TIV-CAMRT-IF0007 | |
| http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FTivoli+Composite+Application+Manager+for+Transactions&fixids=7.4.0.2-TIV-CAMRT-IF0007&source=SAR |
| CPE | Name | Operator | Version |
|---|---|---|---|
| tivoli monitoring | eq | 8.1.4 | |
| tivoli monitoring | eq | 8.1.3 | |
| tivoli monitoring | eq | 7.4.0.1 | |
| tivoli monitoring | eq | 7.4.0.2 |
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P