IBM Security Bulletin: A vulnerability in SQLite affects IBM Cloud Application Performance Management Response Time Monitoring Agent and IBM Tivoli Composite Application Manager for Transactions (CVE-2018-8740)

Sep 21, 2018 9:00 am EDT

Categorized: Low Severity

Share this post:

SQLite is vulnerable to a denial of service, caused by a NULL pointer dereference in the src/build.c, src/prepare.c. By using a corrupted SQLite3 database file, a remote attacker could exploit this vulnerability to cause the application to crash.

CVE(s): CVE-2018-8740

Affected product(s) and affected version(s):

IBM Cloud Application Performance Management, Advanced Private V8.1.4
IBM Cloud Application Performance Management V8.1.4
IBM Performance Management V8.1.3
IBM Tivoli Composite Application Manager (ITCAM) for Transactions: Version 7.4.0.1
IBM Tivoli Composite Application Manager (ITCAM) for Transactions: Version 7.4.0.2

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10731257
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/140476



from IBM Product Security Incident Response Team https://ift.tt/2MQE5b6