Lucene search

K
ibmIBM97CF7C515357F1AFFF5BDC937895F029179A2F0A599F6865A2F4BA81F8C07371
HistoryMar 16, 2021 - 6:52 a.m.

Security Bulletin: A vulnerability was identified and remediated in the IBM MaaS360 Cloud Extender (CVE-2020-13434, CVE-2020-13435)

2021-03-1606:52:21
www.ibm.com
14

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

Summary

A vulnerability was identified and remediated in the IBM MaaS360 Cloud Extender

Vulnerability Details

CVEID:CVE-2020-13435
**DESCRIPTION:**SQLite is vulnerable to a denial of service, caused by flaw in the sqlite3ExprCodeTarget function in expr.c. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a segmentation fault.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/182406 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2020-13434
**DESCRIPTION:**SQLite is vulnerable to a stack-based buffer overflow, caused by an integer overflow in the sqlite3_str_vappendf function. By sending a specially-crafted request, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/182405 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM MaaS360 Cloud Extender 2.102.x and prior

Remediation/Fixes

Update the IBM MaaS360 Cloud Extender to version 2.103.000.051 or greater, using the update manager.

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm maas360eq2.102

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

Related for 97CF7C515357F1AFFF5BDC937895F029179A2F0A599F6865A2F4BA81F8C07371