Medium Severity

Security Bulletin: A vulnerability in SQLite affects IBM Cloud Application Performance Management Response Time Monitoring Agent (CVE-2019-16168)

SQLite is vulnerable to a denial of service, caused by missing validation of a sqlite_stat1 sz field in whereLoopAddBtreeIndex in sqlite3.c. By providing specially-crafted input, a remote attacker could exploit this vulnerability to cause the application to crash.

Affected product(s) and affected version(s):

| Affected Product(s) | Version(s) |
|---|---|
| IBM Performance Management – Response Time Monitoring Agent | 8.1.3 |
| IBM Cloud Application Performance Management – Response Time Monitoring Agent | 8.1.4 |
| IBM Tivoli Composite Application Manager for Transactions (Response Time) | 7.4.0.1 |
| IBM Tivoli Composite Application Manager for Transactions (Response Time) | 7.4.0.2 |

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/1288882
