IBM Security Bulletin: A vulneraqbility in SQLite affects IBM Cloud Application Performance Managment R esponse Time Monitoring Agent (CVE-2018-20346)

SQLite could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow when the FTS3 extension is enabled. By using specially-crafted SQL statements, an attacker could exploit this vulnerability to execute

CVE(s): CVE-2018-20346

Affected product(s) and affected version(s):

IBM Cloud Application Performance Management, Advanced Private V8.1.4
IBM Cloud Application Performance Management V8.1.4
IBM Performance Management V8.1.3
IBM Tivoli Composite Application Manager (ITCAM) for Transactions: Version 7.4.0.1
IBM Tivoli Composite Application Manager (ITCAM) for Transactions: Version 7.4.0.2

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10881384
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/154623

The post IBM Security Bulletin: A vulneraqbility in SQLite affects IBM Cloud Application Performance Managment R esponse Time Monitoring Agent (CVE-2018-20346) appeared first on IBM PSIRT Blog.

from IBM Product Security Incident Response Team https://ibm.co/2PuekAl