SQLite is vulnerable to a denial of service, caused by the mishandling of certain uses of INSERT INTO in situations involving embedded ‘\0’ characters in filenames. By using a specially-crafted filename, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVEID:CVE-2019-19959
**DESCRIPTION:**SQLite is vulnerable to a denial of service, caused by the mishandling of certain uses of INSERT INTO in situations involving embedded ‘\0’ characters in filenames. By using a specially-crafted filename, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/174011 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID:CVE-2019-20218
**DESCRIPTION:**An unspecified error in selectExpander in select.c in SQLite has an unknown impact and attack vector.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/173900 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Affected Product(s) | Version(s) |
---|---|
IBM Cloud Application Performance Management - Response Time Monitoring Agent | 8.1.4 |
IBM Performance Management - Response Time Monitoring Agent | 8.1.3 |
IBM Tivoli Composite Application Manager for Transactions (Response Time) | 7.4.0.1 |
IBM Tivoli Composite Application Manager for Transactions (Response Time) | 7.4.0.2 |
Product | APAR | Remediation / First Fix | |
---|---|---|---|
IBM Cloud Application Performance Management - Response Time Monitoring Agent | 8.1.4 | If you use the Response Time Monitoring Agent, the vulnerabilities can be remediated by applying the Response Time Monitoring Agent 8.1.4.0-IBM-APM-RT-AGENT-IF0009 patch to all systems where this agent is installed: | |
http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FIBM+Application+Performance+Management+Advanced&fixids=8.1.4.0-IBM-APM-RT-AGENT-IF0009&source=SAR | |||
IBM Performance Management - Response Time Monitoring Agent | 8.1.3 | If you use the Response Time Monitoring Agent, the vulnerabilities can be remediated by applying the Response Time Monitoring Agent 8.1.3.0-IBM-IPM-RT-AGENT-IF0008 patch to all systems where this agent is installed: | |
http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FIBM+Application+Performance+Management+Advanced&fixids=8.1.3.0-IBM-IPM-RT-AGENT-IF0008&source=SAR | |||
IBM Tivoli Composite Application Manager for Transactions (Response Time) | 7.4.0.1 | 7.4.0.1-TIV-CAMRT-IF0043 | |
http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FTivoli+Composite+Application+Manager+for+Transactions&fixids=7.4.0.1-TIV-CAMRT-IF0043&source=SAR | |||
IBM Tivoli Composite Application Manager for Transactions (Response Time) | 7.4.0.2 | 7.4.0.2-TIV-CAMRT-IF0010 | |
http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FTivoli+Composite+Application+Manager+for+Transactions&fixids=7.4.0.2-TIV-CAMRT-IF0010&source=SAR |
None