Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMAEDF87DC48EE28C5C28E436F1C573E52A876EC4A29A5AE6E3768DECFC1E5E0B0
HistorySep 21, 2018 - 6:35 a.m.

Security Bulletin: A vulnerability in SQLite affects IBM Cloud Application Performance Management Response Time Monitoring Agent and IBM Tivoli Composite Application Manager for Transactions (CVE-2018-8740)

2018-09-2106:35:01
www.ibm.com
12

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

JSON

Summary

SQLite is vulnerable to a denial of service, caused by a NULL pointer dereference in the src/build.c, src/prepare.c. By using a corrupted SQLite3 database file, a remote attacker could exploit this vulnerability to cause the application to crash.

Vulnerability Details

CVEID: CVE-2018-8740 DESCRIPTION: SQLite is vulnerable to a denial of service, caused by a NULL pointer dereference in the src/build.c, src/prepare.c. By using a corrupted SQLite3 database file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 3.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/140476&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

Affected Products and Versions

IBM Cloud Application Performance Management, Advanced Private V8.1.4
IBM Cloud Application Performance Management V8.1.4
IBM Performance Management V8.1.3
IBM Tivoli Composite Application Manager (ITCAM) for Transactions: Version 7.4.0.1
IBM Tivoli Composite Application Manager (ITCAM) for Transactions: Version 7.4.0.2

Remediation/Fixes

Product

|

Product Version

|

APAR

|

Remediation / First Fix

—|—|—|—
IBM Cloud Application Performance Management - Response Time Monitoring Agent | 8.1.4 | |

If you use the Response Time Monitoring Agent, the vulnerabilities can be remediated by applying the Response Time Monitoring Agent 8.1.4.0-IBM-APM-RT-AGENT-IF0002 patch to all systems where this agent is installed:
http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FIBM+Application+Performance+Management+Advanced&amp;fixids=8.1.4.0-IBM-APM-RT-AGENT-IF0002&amp;source=SAR

IBM Performance Management - Response Time Monitoring Agent | 8.1.3 | |

If you use the Response Time Monitoring Agent, the vulnerabilities can be remediated by applying the Response Time Monitoring Agent 8.1.3.0-IBM-IPM-RT-AGENT-IF0004 patch to all systems where this agent is installed:
https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FTivoli%2FIBM+Tivoli+Monitoring&amp;fixids=8.1.3.0-IBM-IPM-RT-AGENT-IF0004&amp;source=SAR&amp;function=fixId&amp;parent=ibm/Tivoli

IBM Tivoli Composite Application Manager for Transactions (Response Time) | 7.4.0.1 | | 7.4.0.1-TIV-CAMRT-IF0029
https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FTivoli%2FTivoli+Composite+Application+Manager+for+Transactions&amp;fixids=7.4.0.1-TIV-CAMRT-IF0029&amp;source=SAR&amp;function=fixId&amp;parent=Tivoli Composite Application Manager
IBM Tivoli Composite Application Manager for Transactions (Response Time) | 7.4.0.2 | | 7.4.0.2-TIV-CAMRT-IF0001
https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FTivoli%2FTivoli+Composite+Application+Manager+for+Transactions&amp;fixids=7.4.0.2-TIV-CAMRT-IF0001&amp;source=SAR&amp;function=fixId&amp;parent=Tivoli Composite Application Manager

Related

nessus 22
fedora 5
openvas 21
freebsd 2
ibm 3
debiancve 1
redhatcve 1
veracode 1
prion 1
ubuntucve 1
mageia 2
alpinelinux 1
cve 1
osv 4
suse 1
debian 3
ubuntu 2
cloudfoundry 2
rosalinux 1
photon 4
oracle 1
nessus
nessus
FreeBSD : SQLite -- Corrupt DB can cause a NULL pointer dereference (6d52bda1-2e54-11e8-a68f-485b3931c969)
2018-03-23 00:00:00
Photon OS 1.0: Sqlite PHSA-2018-1.0-0126
2019-02-07 00:00:00
EulerOS Virtualization 2.5.0 : sqlite (EulerOS-SA-2018-1341)
2018-10-26 00:00:00
fedora
fedora
[SECURITY] Fedora 28 Update: sqlite-3.22.0-4.fc28
2018-04-01 00:46:25
[SECURITY] Fedora 26 Update: sqlite-3.20.1-2.fc26
2018-03-27 19:31:41
[SECURITY] Fedora 27 Update: sqlite-3.20.1-2.fc27
2018-03-27 20:18:12
openvas
openvas
Fedora Update for sqlite FEDORA-2018-aace372c3f
2018-03-28 00:00:00
Huawei EulerOS: Security Advisory for sqlite (EulerOS-SA-2018-1341)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for sqlite (EulerOS-SA-2018-1180)
2020-01-23 00:00:00
freebsd
freebsd
SQLite -- Corrupt DB can cause a NULL pointer dereference
2018-03-16 00:00:00
SQLite -- Corrupt DB can cause a NULL pointer dereference
2018-03-16 00:00:00
ibm
ibm
Security Bulletin: Public disclosed vulnerability from SQLite CVE-2018-8740
2019-05-10 14:33:22
Security Bulletin: Multiple Vulnerabilities in SQLite affects IBM Watson Studio Local
2019-12-20 14:02:58
Security Bulletin: Cloud Pak for Security uses packages that are vulnerable to multiple CVEs
2023-03-08 18:05:21
debiancve
debiancve
CVE-2018-8740
2018-03-17 00:29:00
redhatcve
redhatcve
CVE-2018-8740
2018-03-21 04:20:49
veracode
veracode
Denial Of Service (DoS)
2020-05-10 23:25:15
prion
prion
Null pointer dereference
2018-03-17 00:29:00
ubuntucve
ubuntucve
CVE-2018-8740
2018-03-17 00:00:00
mageia
mageia
Updated sqlite3 packages fix security vulnerability
2018-03-23 01:39:21
Updated sqlite packages fix security vulnerability
2023-06-28 08:21:41
alpinelinux
alpinelinux
CVE-2018-8740
2018-03-17 00:29:00
cve
cve
CVE-2018-8740
2018-03-17 00:29:00
osv
osv
CVE-2018-8740
2018-03-17 00:29:00
sqlite - security update
2023-05-22 00:00:00
sqlite3 - security update
2019-01-11 00:00:00
suse
suse
Security update for sqlite3 (moderate)
2019-05-22 00:00:00
debian
debian
[SECURITY] [DLA 3431-1] sqlite security update
2023-05-22 11:12:34
[SECURITY] [DLA 1633-1] sqlite3 security update
2019-01-11 18:48:51
[SECURITY] [DLA 2340-1] sqlite3 security update
2020-08-22 22:34:41
ubuntu
ubuntu
SQLite vulnerabilities
2019-12-02 00:00:00
SQLite vulnerabilities
2020-06-10 00:00:00
cloudfoundry
cloudfoundry
USN-4205-1: SQLite vulnerabilities | Cloud Foundry
2019-12-18 00:00:00
USN-4394-1: SQLite vulnerabilities | Cloud Foundry
2020-06-24 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1975
2021-07-02 18:09:04
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-2.0-0037
2018-04-23 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-1.0-0126
2018-04-24 00:00:00
Critical Photon OS Security Update - PHSA-2018-0126
2018-04-24 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - October 2020
2020-10-20 00:00:00

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

JSON
Related for AEDF87DC48EE28C5C28E436F1C573E52A876EC4A29A5AE6E3768DECFC1E5E0B0
nessus22fedora5openvas21freebsd2ibm3debiancve1redhatcve1veracode1prion1ubuntucve1mageia2alpinelinux1cve1osv4suse1debian3ubuntu2cloudfoundry2rosalinux1photon4oracle1