Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMFAFCEEB5E7F282B7B50A41E1E44AFB4EF2A67906EA3B347157464BC9FF982A1C
HistoryJun 16, 2018 - 9:41 p.m.

Security Bulletin: A vulnerability in SQLite affects IBM Security Access Manager for Mobile (CVE-2015-3416)

2018-06-1621:41:16
www.ibm.com
12

0.005 Low

EPSS

Percentile

76.8%

JSON

Summary

There is a denial of service vulnerability in SQLite, which affects IBM Security Access Manager for Mobile.

Vulnerability Details

CVEID: CVE-2015-3416**
DESCRIPTION:** SQLite is vulnerable to a denial of service, caused by the failure to properly handle precision and width values during floating-point conversions by the sqlite3VXPrintf function in printf.c. A remote attacker could exploit this vulnerability using large integers in a crafted printf function call to cause a denial of service and possibly have other unspecified impact.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/102594 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Affected Products and Versions

IBM Security Access Manager for Mobile version 8, all firmware versions

IBM Security Access Manager version 9, all firmware versions

Remediation/Fixes

The table below provides links to patches for all affected versions. Follow the installation instructions in the README file included with the patch.

Product VRMF APAR Remediation
IBM Security Access Manager for Mobile 8.0.0.0 -
8.0.1.3 IV83813 1. For 8.0-8.0.1.2 environments, upgrade to 8.0.1.3:
8.0.1-ISS-ISAM-FP0003
2. Apply 8.0.1.3 Interim Fix 6:
8.0.1.3-ISS-ISAM-IF0006
IBM Security Access Manager 9.0 IV83796 1. For 9.0 environments, upgrade to 9.0.0.1:
9.0.0-ISS-ISAM-FP0001
2. Apply 9.0.0.1 Interim Fix 3:
9.0.0.1-ISS-ISAM-IF0003

Related

oraclelinux 2
nessus 32
debian 2
ubuntucve 2
openvas 19
redhat 2
ibm 5
cve 1
centos 2
prion 1
nvd 1
f5 2
debiancve 1
cvelist 1
veracode 1
osv 2
freebsd 1
amazon 4
securityvulns 4
kaspersky 1
gentoo 1
ubuntu 1
openwrt 1
mageia 1
slackware 1
apple 4
oracle 1
oraclelinux
oraclelinux
sqlite security update
2015-08-17 00:00:00
sqlite security update
2015-08-17 00:00:00
nessus
nessus
Oracle Linux 6 : sqlite (ELSA-2015-1634)
2015-08-18 00:00:00
CentOS 6 : sqlite (CESA-2015:1634)
2015-08-18 00:00:00
RHEL 6 : sqlite (RHSA-2015:1634)
2015-08-18 00:00:00
debian
debian
[SECURITY] [DSA 3252-2] sqlite3 security update
2015-06-14 15:09:43
[SECURITY] [DSA 3252-1] sqlite3 security update
2015-05-06 20:22:58
ubuntucve
ubuntucve
CVE-2015-3416
2015-04-24 00:00:00
CVE-2015-6607
2015-10-06 00:00:00
openvas
openvas
RedHat Update for sqlite RHSA-2015:1634-01
2015-08-18 00:00:00
Oracle: Security Advisory (ELSA-2015-1634)
2015-10-06 00:00:00
CentOS Update for lemon CESA-2015:1634 centos6
2015-08-18 00:00:00
redhat
redhat
(RHSA-2015:1634) Moderate: sqlite security update
2015-08-17 00:00:00
(RHSA-2015:1635) Moderate: sqlite security update
2015-08-17 00:00:00
ibm
ibm
Security Bulletin: A vulnerability in SQLite affects IBM Security Access Manager for Web (CVE-2015-3416)
2018-06-16 21:41:16
Security Bulletin: A vulnerability in SQLite affects IBM Security Network Protection (CVE-2015-3416)
2018-06-16 21:39:11
Security Bulletin: Vulnerabilities in Python, rpcbind, SQLite affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance
2018-06-17 22:33:00
cve
cve
CVE-2015-3416
2015-04-24 17:59:02
centos
centos
lemon, sqlite security update
2015-08-17 15:33:32
lemon, sqlite security update
2015-08-17 16:54:44
prion
prion
Integer overflow
2015-04-24 17:59:00
nvd
nvd
CVE-2015-3416
2015-04-24 17:59:02
f5
f5
SOL16950 - SQLite vulnerability CVE-2015-3416
2015-07-10 00:00:00
K16950 : SQLite vulnerability CVE-2015-3416
2015-07-10 00:00:00
debiancve
debiancve
CVE-2015-3416
2015-04-24 17:59:02
cvelist
cvelist
CVE-2015-3416
2015-04-24 17:00:00
veracode
veracode
Arbitrary Code Execution
2020-09-21 06:25:35
osv
osv
sqlite3 - security update
2015-05-06 00:00:00
sqlite3 - security update
2015-05-06 00:00:00
freebsd
freebsd
sqlite -- multiple vulnerabilities
2015-04-14 00:00:00
amazon
amazon
Medium: sqlite
2015-09-02 12:00:00
Medium: php54
2015-07-07 12:39:00
Medium: php56
2015-07-07 12:40:00
securityvulns
securityvulns
SQLite multiple security vulnerabilities
2015-05-05 00:00:00
[ MDVSA-2015:217 ] sqlite3
2015-05-05 00:00:00
APPLE-SA-2015-09-30-3 OS X El Capitan 10.11
2015-10-05 00:00:00
kaspersky
kaspersky
KLA10565 Denial of service vulnerabilities in SQLite
2015-04-24 00:00:00
gentoo
gentoo
SQLite: Multiple vulnerabilities
2015-07-07 00:00:00
ubuntu
ubuntu
SQLite vulnerabilities
2015-07-30 00:00:00
openwrt
openwrt
php: Security update (7 CVEs)
2016-01-28 12:23:45
mageia
mageia
Updated Firefox, Thunderbird & sqlite3 packages fix security vulnerabilities
2015-05-18 22:08:05
slackware
slackware
[slackware-security] php
2015-07-17 20:25:21
apple
apple
About the security content of iTunes 12.6
2017-03-21 00:00:00
About the security content of iTunes 12.6 - Apple Support
2017-03-22 07:40:40
About the security content of iTunes 12.6 for Windows
2017-03-21 00:00:00
oracle
oracle
CPU July 2018
2018-07-17 00:00:00

0.005 Low

EPSS

Percentile

76.8%

JSON
Related for FAFCEEB5E7F282B7B50A41E1E44AFB4EF2A67906EA3B347157464BC9FF982A1C
oraclelinux2nessus32debian2ubuntucve2openvas19redhat2ibm5cve1centos2prion1nvd1f52debiancve1cvelist1veracode1osv2freebsd1amazon4securityvulns4kaspersky1gentoo1ubuntu1openwrt1mageia1slackware1apple4oracle1