Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMFA57CDF4BCAE98CCC902592DBB4477489D30E3D19A0CC4F562C86AA81658E38D
HistoryJun 16, 2018 - 9:41 p.m.

Security Bulletin: A vulnerability in SQLite affects IBM Security Access Manager for Web (CVE-2015-3416)

2018-06-1621:41:16
www.ibm.com
13

0.005 Low

EPSS

Percentile

76.8%

JSON

Summary

There is a denial of service vulnerability in SQLite, which affects IBM Security Access Manager for Web.

Vulnerability Details

CVEID: CVE-2015-3416**
DESCRIPTION:** SQLite is vulnerable to a denial of service, caused by the failure to properly handle precision and width values during floating-point conversions by the sqlite3VXPrintf function in printf.c. A remote attacker could exploit this vulnerability using large integers in a crafted printf function call to cause a denial of service and possibly have other unspecified impact.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/102594 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Affected Products and Versions

IBM Security Access Manager for Web 7.0 (appliance-based)

IBM Security Access Manager for Web 8.0, all firmware versions

IBM Security Access Manager 9.0, all firmware versions

Remediation/Fixes

IBM has provided patches for all affected versions. Follow the installation instructions in the README files included with the patch.

Product VRMF APAR Remediation
IBM Security Access Manager for Web 7.0 (appliance) IV83817 1. Apply Interim Fix 23:
7.0.0-ISS-WGA-IF0023
IBM Security Access Manager for Web 8.0.0.0 -
8.0.1.3 IV83807 1. For 8.0-8.0.1.2 environments, upgrade to 8.0.1.3:
8.0.1-ISS-WGA-FP0003** **
2. Apply 8.0.1.3 Interim Fix 6:
8.0.1.3-ISS-WGA-IF0006
IBM Security Access Manager 9.0 -
9.0.0.1 IV83796 1. For 9.0 environments, upgrade to 9.0.0.1:
9.0.0-ISS-ISAM-FP0001
2. Apply 9.0.0.1 Interim Fix 3:
9.0.0.1-ISS-ISAM-IF0003

Related

oraclelinux 2
nessus 32
debian 2
ibm 5
ubuntucve 2
openvas 19
redhat 2
cve 1
centos 2
prion 1
nvd 1
f5 2
debiancve 1
cvelist 1
veracode 1
osv 2
freebsd 1
amazon 4
securityvulns 4
gentoo 1
kaspersky 1
ubuntu 1
mageia 1
openwrt 1
slackware 1
apple 4
oracle 1
oraclelinux
oraclelinux
sqlite security update
2015-08-17 00:00:00
sqlite security update
2015-08-17 00:00:00
nessus
nessus
Oracle Linux 6 : sqlite (ELSA-2015-1634)
2015-08-18 00:00:00
CentOS 6 : sqlite (CESA-2015:1634)
2015-08-18 00:00:00
RHEL 6 : sqlite (RHSA-2015:1634)
2015-08-18 00:00:00
debian
debian
[SECURITY] [DSA 3252-2] sqlite3 security update
2015-06-14 15:09:43
[SECURITY] [DSA 3252-1] sqlite3 security update
2015-05-06 20:22:58
ibm
ibm
Security Bulletin: A vulnerability in SQLite affects IBM Security Access Manager for Mobile (CVE-2015-3416)
2018-06-16 21:41:16
Security Bulletin: A vulnerability in SQLite affects IBM Security Network Protection (CVE-2015-3416)
2018-06-16 21:39:11
Security Bulletin: Vulnerabilities in Python, rpcbind, SQLite affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance
2018-06-17 22:33:00
ubuntucve
ubuntucve
CVE-2015-3416
2015-04-24 00:00:00
CVE-2015-6607
2015-10-06 00:00:00
openvas
openvas
RedHat Update for sqlite RHSA-2015:1634-01
2015-08-18 00:00:00
Oracle: Security Advisory (ELSA-2015-1634)
2015-10-06 00:00:00
CentOS Update for lemon CESA-2015:1634 centos6
2015-08-18 00:00:00
redhat
redhat
(RHSA-2015:1634) Moderate: sqlite security update
2015-08-17 00:00:00
(RHSA-2015:1635) Moderate: sqlite security update
2015-08-17 00:00:00
cve
cve
CVE-2015-3416
2015-04-24 17:59:02
centos
centos
lemon, sqlite security update
2015-08-17 15:33:32
lemon, sqlite security update
2015-08-17 16:54:44
prion
prion
Integer overflow
2015-04-24 17:59:00
nvd
nvd
CVE-2015-3416
2015-04-24 17:59:02
f5
f5
SOL16950 - SQLite vulnerability CVE-2015-3416
2015-07-10 00:00:00
K16950 : SQLite vulnerability CVE-2015-3416
2015-07-10 00:00:00
debiancve
debiancve
CVE-2015-3416
2015-04-24 17:59:02
cvelist
cvelist
CVE-2015-3416
2015-04-24 17:00:00
veracode
veracode
Arbitrary Code Execution
2020-09-21 06:25:35
osv
osv
sqlite3 - security update
2015-05-06 00:00:00
sqlite3 - security update
2015-05-06 00:00:00
freebsd
freebsd
sqlite -- multiple vulnerabilities
2015-04-14 00:00:00
amazon
amazon
Medium: sqlite
2015-09-02 12:00:00
Medium: php54
2015-07-07 12:39:00
Medium: php56
2015-07-07 12:40:00
securityvulns
securityvulns
SQLite multiple security vulnerabilities
2015-05-05 00:00:00
[ MDVSA-2015:217 ] sqlite3
2015-05-05 00:00:00
APPLE-SA-2015-09-30-3 OS X El Capitan 10.11
2015-10-05 00:00:00
gentoo
gentoo
SQLite: Multiple vulnerabilities
2015-07-07 00:00:00
kaspersky
kaspersky
KLA10565 Denial of service vulnerabilities in SQLite
2015-04-24 00:00:00
ubuntu
ubuntu
SQLite vulnerabilities
2015-07-30 00:00:00
mageia
mageia
Updated Firefox, Thunderbird & sqlite3 packages fix security vulnerabilities
2015-05-18 22:08:05
openwrt
openwrt
php: Security update (7 CVEs)
2016-01-28 12:23:45
slackware
slackware
[slackware-security] php
2015-07-17 20:25:21
apple
apple
About the security content of iTunes 12.6
2017-03-21 00:00:00
About the security content of iTunes 12.6 - Apple Support
2017-03-22 07:40:40
About the security content of iTunes 12.6 for Windows
2017-03-21 00:00:00
oracle
oracle
CPU July 2018
2018-07-17 00:00:00

0.005 Low

EPSS

Percentile

76.8%

JSON
Related for FA57CDF4BCAE98CCC902592DBB4477489D30E3D19A0CC4F562C86AA81658E38D
oraclelinux2nessus32debian2ibm5ubuntucve2openvas19redhat2cve1centos2prion1nvd1f52debiancve1cvelist1veracode1osv2freebsd1amazon4securityvulns4gentoo1kaspersky1ubuntu1mageia1openwrt1slackware1apple4oracle1