Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMF65CA84A08E9C36EC29E833004E5DFFE891E8D19C9A29C386F6566DF69B03B5B
HistoryApr 07, 2020 - 1:30 p.m.

Security Bulletin: A vulnerability in SQLite affects IBM Cloud Application Performance Management Response Time Monitoring Agent (CVE-2019-19959, CVE-2019-20218)

2020-04-0713:30:59
www.ibm.com
11

EPSS

0.008

Percentile

81.7%

JSON

Summary

SQLite is vulnerable to a denial of service, caused by the mishandling of certain uses of INSERT INTO in situations involving embedded ‘\0’ characters in filenames. By using a specially-crafted filename, a remote attacker could exploit this vulnerability to cause a denial of service condition.

Vulnerability Details

CVEID:CVE-2019-19959
**DESCRIPTION:**SQLite is vulnerable to a denial of service, caused by the mishandling of certain uses of INSERT INTO in situations involving embedded ‘\0’ characters in filenames. By using a specially-crafted filename, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/174011 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2019-20218
**DESCRIPTION:**An unspecified error in selectExpander in select.c in SQLite has an unknown impact and attack vector.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/173900 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Cloud Application Performance Management - Response Time Monitoring Agent 8.1.4
IBM Performance Management - Response Time Monitoring Agent 8.1.3
IBM Tivoli Composite Application Manager for Transactions (Response Time) 7.4.0.1
IBM Tivoli Composite Application Manager for Transactions (Response Time) 7.4.0.2

Remediation/Fixes

Product APAR Remediation / First Fix
IBM Cloud Application Performance Management - Response Time Monitoring Agent 8.1.4 If you use the Response Time Monitoring Agent, the vulnerabilities can be remediated by applying the Response Time Monitoring Agent 8.1.4.0-IBM-APM-RT-AGENT-IF0009 patch to all systems where this agent is installed:
http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FIBM+Application+Performance+Management+Advanced&fixids=8.1.4.0-IBM-APM-RT-AGENT-IF0009&source=SAR
IBM Performance Management - Response Time Monitoring Agent 8.1.3 If you use the Response Time Monitoring Agent, the vulnerabilities can be remediated by applying the Response Time Monitoring Agent 8.1.3.0-IBM-IPM-RT-AGENT-IF0008 patch to all systems where this agent is installed:
http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FIBM+Application+Performance+Management+Advanced&fixids=8.1.3.0-IBM-IPM-RT-AGENT-IF0008&source=SAR
IBM Tivoli Composite Application Manager for Transactions (Response Time) 7.4.0.1 7.4.0.1-TIV-CAMRT-IF0043
http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FTivoli+Composite+Application+Manager+for+Transactions&fixids=7.4.0.1-TIV-CAMRT-IF0043&source=SAR
IBM Tivoli Composite Application Manager for Transactions (Response Time) 7.4.0.2 7.4.0.2-TIV-CAMRT-IF0010
http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FTivoli+Composite+Application+Manager+for+Transactions&fixids=7.4.0.2-TIV-CAMRT-IF0010&source=SAR

Workarounds and Mitigations

None

Related

ibm 4
ubuntucve 2
osv 3
alpinelinux 2
sqlite 2
nvd 2
cvelist 2
debian 2
debiancve 2
cve 2
redhatcve 2
prion 2
veracode 1
nessus 35
openvas 16
ubuntu 1
cloudfoundry 1
photon 12
redhat 15
oraclelinux 2
suse 2
almalinux 1
gentoo 1
tenable 1
ics 1
oracle 1
ibm
ibm
Security Bulletin: A security vulnerability has been identified in SQLite shipped with PowerAI.
2020-03-01 17:55:34
Security Bulletin: IBM Security Guardium is affected by an SQLite vulnerability
2020-10-09 19:49:03
Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities
2021-08-13 22:15:02
ubuntucve
ubuntucve
CVE-2019-19959
2020-01-03 00:00:00
CVE-2019-20218
2020-01-02 00:00:00
osv
osv
CVE-2019-19959
2020-01-03 22:15:12
CVE-2019-20218
2020-01-02 14:16:36
sqlite3 - regression update
2020-12-10 00:00:00
alpinelinux
alpinelinux
CVE-2019-19959
2020-01-03 22:15:00
CVE-2019-20218
2020-01-02 14:16:00
sqlite
sqlite
SQLite report about CVE-2019-19959
2019-01-01 00:00:00
SQLite report about CVE-2019-20218
2019-01-01 00:00:00
nvd
nvd
CVE-2019-19959
2020-01-03 22:15:12
CVE-2019-20218
2020-01-02 14:16:36
cvelist
cvelist
CVE-2019-19959
2020-01-03 21:37:42
CVE-2019-20218
2020-01-02 02:51:58
debian
debian
[SECURITY] [DLA 2340-2] sqlite3 regression update
2020-12-10 14:29:38
[SECURITY] [DLA 2340-1] sqlite3 security update
2020-08-22 22:34:41
debiancve
debiancve
CVE-2019-20218
2020-01-02 14:16:36
CVE-2019-19959
2020-01-03 22:15:12
cve
cve
CVE-2019-20218
2020-01-02 14:16:36
CVE-2019-19959
2020-01-03 22:15:12
redhatcve
redhatcve
CVE-2019-19959
2020-01-09 22:05:39
CVE-2019-20218
2020-01-15 14:09:08
prion
prion
Code injection
2020-01-03 22:15:00
Code injection
2020-01-02 14:16:00
veracode
veracode
Denial Of Service (DoS)
2020-09-21 06:34:24
nessus
nessus
Debian DLA-2340-2 : sqlite3 regression update
2020-08-24 00:00:00
SUSE SLES11 Security Update : sqlite3 (SUSE-SU-2021:14771-1)
2021-07-30 00:00:00
EulerOS 2.0 SP8 : sqlite (EulerOS-SA-2020-1180)
2020-02-25 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2021:14771-1)
2021-07-30 00:00:00
Huawei EulerOS: Security Advisory for sqlite (EulerOS-SA-2020-1180)
2020-02-25 00:00:00
Huawei EulerOS: Security Advisory for sqlite (EulerOS-SA-2020-1624)
2020-06-16 00:00:00
ubuntu
ubuntu
SQLite vulnerabilities
2020-03-10 00:00:00
cloudfoundry
cloudfoundry
USN-4298-1: SQLite vulnerabilities | Cloud Foundry
2020-03-31 00:00:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-1.0-0270
2020-02-05 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-2.0-0204
2020-02-05 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-2.0-0200
2020-01-14 00:00:00
redhat
redhat
(RHSA-2020:1810) Moderate: sqlite security and bug fix update
2020-04-28 09:19:01
(RHSA-2020:4442) Moderate: sqlite security update
2020-11-03 12:04:56
(RHSA-2021:0146) Moderate: Release of OpenShift Serverless 1.12.0
2021-01-14 13:24:22
oraclelinux
oraclelinux
sqlite security and bug fix update
2020-05-05 00:00:00
sqlite security update
2020-11-10 00:00:00
suse
suse
Security update for sqlite3 (important)
2021-07-20 00:00:00
Security update for sqlite3 (important)
2021-07-14 00:00:00
almalinux
almalinux
Moderate: sqlite security update
2020-11-03 12:04:56
gentoo
gentoo
SQLite: Multiple vulnerabilities
2020-07-27 00:00:00
tenable
tenable
[R1] Nessus Network Monitor 6.2.2 Fixes Multiple Vulnerabilities
2023-06-29 10:45:47
ics
ics
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2020
2020-04-14 00:00:00

EPSS

0.008

Percentile

81.7%

JSON
Related for F65CA84A08E9C36EC29E833004E5DFFE891E8D19C9A29C386F6566DF69B03B5B
ibm4ubuntucve2osv3alpinelinux2sqlite2nvd2cvelist2debian2debiancve2cve2redhatcve2prion2veracode1nessus35openvas16ubuntu1cloudfoundry1photon12redhat15oraclelinux2suse2almalinux1gentoo1tenable1ics1oracle1