Low Severity

Security Bulletin: A vulnerability in SQLite affects IBM Cloud Application Performance Management Response Time Monitoring Agent (CVE-2021-45346)


A memory leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0. Via maliciously crafted SQL queries (made via editing the database file), it is possible to query a record and leak subsequent bytes of memory that extend beyond the record, which could let a malicious user obtain sensitive information.

CVE(s): CVE-2021-45346

Affected product(s) and affected version(s):

Affected Product(s) | Version(s)
IBM Tivoli Composite Application Manager for Transactions (Response Time) | 7.4.0.2
IBM Cloud Application Performance Management – Response Time Monitoring Agent | 8.1.4
IBM Tivoli Composite Application Manager for Transactions (Response Time) | 7.4.0.1

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6615933
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/219912
