SQLite could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow when the FTS3 extension is enabled. By using specially-crafted SQL statements, an attacker could exploit this vulnerability to execute
CVEID: CVE-2018-20346 DESCRIPTION: SQLite could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow when the FTS3 extension is enabled. By using specially-crafted SQL statements, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/154623> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
IBM Cloud Application Performance Management, Advanced Private V8.1.4
IBM Cloud Application Performance Management V8.1.4
IBM Performance Management V8.1.3
IBM Tivoli Composite Application Manager (ITCAM) for Transactions: Version 7.4.0.1
IBM Tivoli Composite Application Manager (ITCAM) for Transactions: Version 7.4.0.2
Product | Product Version | APAR | Remediation / First Fix |
---|---|---|---|
IBM Cloud Application Performance Management - Response Time Monitoring Agent | 8.1.4 | If you use the Response Time Monitoring Agent, the vulnerabilities can be remediated by applying the Response Time Monitoring Agent 8.1.4.0-IBM-APM-RT-AGENT-IF0005 patch to all systems where this agent is installed: | |
http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FIBM+Application+Performance+Management+Advanced&fixids=8.1.4.0-IBM-APM-RT-AGENT-IF0005&source=SAR | |||
IBM Performance Management - Response Time Monitoring Agent | 8.1.3 | If you use the Response Time Monitoring Agent, the vulnerabilities can be remediated by applying the Response Time Monitoring Agent 8.1.3.0-IBM-IPM-RT-AGENT-IF0005 patch to all systems where this agent is installed: | |
http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FIBM+Application+Performance+Management+Advanced&fixids=8.1.3.0-IBM-IPM-RT-AGENT-IF0005&source=SAR | |||
IBM Tivoli Composite Application Manager for Transactions (Response Time) | 7.4.0.1 | 7.4.0.1-TIV-CAMRT-IF0036 | |
http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FTivoli+Composite+Application+Manager+for+Transactions&fixids=7.4.0.1-TIV-CAMRT-IF0036&source=SAR | |||
IBM Tivoli Composite Application Manager for Transactions (Response Time) | 7.4.0.2 | 7.4.0.2-TIV-CAMRT-IF0005 | |
http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FTivoli+Composite+Application+Manager+for+Transactions&fixids=7.4.0.2-TIV-CAMRT-IF0005&source=SAR |
CPE | Name | Operator | Version |
---|---|---|---|
tivoli monitoring | eq | 8.1.4 | |
tivoli monitoring | eq | 8.1.3 | |
tivoli monitoring | eq | 7.4.0.1 | |
tivoli monitoring | eq | 7.4.0.2 |