Lucene search

K
ibmIBM7079C85B863BE06BD6251E4D983B47BF0D2D94098747410E6CCC1AE3321E01BC
HistoryDec 07, 2023 - 10:45 p.m.

Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerability in SQLite (CVE-2018-20346)

2023-12-0722:45:07
www.ibm.com
22
ibm flex system
cmm
sqlite vulnerability

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.901

Percentile

98.9%

Summary

The following vulnerability in SQLite has been addressed by IBM Flex System Chassis Management Module (CMM).

Vulnerability Details

CVEID:CVE-2018-20346
**DESCRIPTION:**SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/154623 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Flex System Chassis Management Module (CMM) 2PET

Remediation/Fixes

Firmware fix versions are available on Fix Central: <http://www.ibm.com/support/fixcentral/&gt;

Fixed Product(s) Version(s)

IBM Flex System Chassis Management Module (CMM)

(ibm_fw_cmm_2pet18c-2.5.16c_anyos_noarch)

| 2pet18c-2.5.16c

Workarounds and Mitigations

Firmware fix versions are available on Fix Central: <http://www.ibm.com/support/fixcentral/&gt;

Fixed Product(s) Version(s)

IBM Flex System Chassis Management Module (CMM)

(ibm_fw_cmm_2pet18c-2.5.16c_anyos_noarch)

| 2pet18c-2.5.16c

Affected configurations

Vulners
Node
ibmflex_system_chassis_management_moduleMatch2pet
VendorProductVersionCPE
ibmflex_system_chassis_management_module2petcpe:2.3:h:ibm:flex_system_chassis_management_module:2pet:*:*:*:*:*:*:*

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.901

Percentile

98.9%