First published: Tue May 23 2023

## Summary

Sqlite-jdbc addresses a remote code execution vulnerability via JDBC URL.

## Impacted versions

3.6.14.1-3.41.2.1

## References

https://github.com/xerial/sqlite-jdbc/releases/tag/3.41.2.2

Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
Sqlite Jdbc Project Sqlite Jdbc | >=3.6.14.1<3.41.2.2 | |
IBM QRadar SIEM | <=7.5.0 - 7.5.0 UP6 | |
maven/org.xerial:sqlite-jdbc | >=3.6.14.1<3.41.2.2 | 3.41.2.2 |
CVE-2023-32697 is a vulnerability in SQLite JDBC that allows a remote authenticated attacker to execute arbitrary code on the system by exploiting a flaw in the JDBC URL.
CVE-2023-32697 can be exploited by a remote attacker to execute arbitrary code on the system by sending a specially crafted request.
The severity of CVE-2023-32697 is high, with a CVSS score of 8.8.
The affected software versions include org.xerial:sqlite-jdbc version 3.6.14.1 up to (but not including) 3.41.2.2, and IBM QRadar SIEM version 7.5.0 UP6.
To fix CVE-2023-32697, update the org.xerial:sqlite-jdbc package to the fixed version 3.41.2.2, and update IBM QRadar SIEM to a version beyond 7.5.0 UP6.
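One way to check a build for the affected range listed above, as an added example that is not part of the advisory or the sqlite-jdbc project: it scans Maven or Gradle dependency listings and jar file names for `org.xerial:sqlite-jdbc` versions from 3.6.14.1 up to (but not including) 3.41.2.2. The sample lines, the `com.example` coordinates and the function names are constructed for illustration.

```python
import re

# Affected range as stated on this page: >= 3.6.14.1 and < 3.41.2.2.
FIRST_AFFECTED = (3, 6, 14, 1)
FIRST_FIXED = (3, 41, 2, 2)

# Maven/Gradle coordinates, with optional type and classifier segments,
# e.g. org.xerial:sqlite-jdbc:jar:3.41.2.1:compile or org.xerial:sqlite-jdbc:3.41.2.1
_COORD = re.compile(r"org\.xerial:sqlite-jdbc:(?:[A-Za-z][\w.-]*:){0,2}(\d+(?:\.\d+)*)")
# Jar file names, e.g. WEB-INF/lib/sqlite-jdbc-3.41.2.1.jar
_JAR = re.compile(r"sqlite-jdbc-(\d+(?:\.\d+)*)[^/\s]*\.jar")


def parse_version(text):
    """Turn '3.41.2.1' into (3, 41, 2, 1), padding short versions with zeros."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def is_affected(version):
    """True when the version falls inside the affected range."""
    return FIRST_AFFECTED <= parse_version(version) < FIRST_FIXED


def find_affected(lines):
    """Return (line_number, version) for every affected sqlite-jdbc reference."""
    hits = []
    for number, line in enumerate(lines, start=1):
        for match in list(_COORD.finditer(line)) + list(_JAR.finditer(line)):
            if is_affected(match.group(1)):
                hits.append((number, match.group(1)))
    return hits


# Constructed sample: dependency-tree output followed by two packaged jars.
SAMPLE = [
    "[INFO] com.example:inventory-service:jar:1.0.0",
    "[INFO] +- org.xerial:sqlite-jdbc:jar:3.41.2.1:compile",
    "[INFO] +- com.example:util:jar:2.0.0:compile",
    "[INFO] \\- org.xerial:sqlite-jdbc:jar:3.41.2.2:runtime",
    "WEB-INF/lib/sqlite-jdbc-3.7.2.jar",
    "WEB-INF/lib/sqlite-jdbc-3.6.14.jar",
]

if __name__ == "__main__":
    for number, version in find_affected(SAMPLE):
        print(f"line {number}: sqlite-jdbc {version} is affected, update to 3.41.2.2")
```

Transitive copies bundled inside other artifacts (shaded or fat jars) will not appear under these names, so a clean result here does not rule them out.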