Security Bulletin: A vulneraqbility in SQLite affects IBM Cloud Application Performance Managment R esponse Time Monitoring RRT Agent (CVE-2021-45346)

Summary

A Memory Leak vulnerabilty exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries (made via editing the Database File), it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicous user obtain sensitive information.

Vulnerability Details

CVEID:CVE-2021-45346
**DESCRIPTION:**SQLite could allow a local authenticated attacker to obtain sensitive information, caused by a memory leak. By sending a specially-crafted SQL query via editing the database file, an attacker could exploit this vulnerability to obtain sensitive information from subsequent bytes of the queried record from memory.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219912 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

Remediation/Fixes

IBM Tivoli Composite Application Manager for Transactions (Response Time)| 7.4.0.1| | 7.4.0.1-TIV-CAMRT-IF0059
http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FTivoli+Composite+Application+Manager+for+Transactions&fixids=7.4.0.1-TIV-CAMRT-IF0059&source=SAR
—|—|—|—
IBM Tivoli Composite Application Manager for Transactions (Response Time)| 7.4.0.2| | 7.4.0.2-TIV-CAMRT-IF0018
http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FTivoli+Composite+Application+Manager+for+Transactions&fixids=7.4.0.2-TIV-CAMRT-IF0018&source=SAR

Workarounds and Mitigations

None