Sign-up

ID

VAR-201904-0125


CVE

CVE-2019-3612


TITLE

McAfee DXL Platform and McAfee TIE Server Information Disclosure Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2019-13847 // CNNVD: CNNVD-201904-537

DESCRIPTION

Information Disclosure vulnerability in McAfee DXL Platform and TIE Server in DXL prior to 5.0.1 HF2 and TIE prior to 2.3.1 HF1 allows Authenticated users to view sensitive information in plain text via the GUI or command line. McAfeeDXLPlatform and McAfeeTIEServer are products of McAfee. McAfeeDXLPlatform is a data exchange layer platform. McAfeeTIEServer is a cyber threat defense server. An information disclosure vulnerability exists in the 5.x version prior to McAfeeDXLPlatform5.0.1HF2, the 4.x version prior to 4.1.22HF3, and the 2.x version prior to TIEServer2.3.1HF1. The vulnerability stems from the configuration of the network system or product during operation. Waiting for the error. An unauthorized attacker can exploit the vulnerability to obtain sensitive information about the affected component

Trust: 2.52

sources: NVD: CVE-2019-3612 // JVNDB: JVNDB-2019-003337 // CNVD: CNVD-2019-13847 // BID: 108524 // VULMON: CVE-2019-3612

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-13847

AFFECTED PRODUCTS

vendor:mcafeemodel:data exchange layerscope:lteversion:4.1.2

Trust: 1.0

vendor:mcafeemodel:data exchange layerscope:gteversion:4.0.0

Trust: 1.0

vendor:mcafeemodel:data exchange layerscope:lteversion:5.0.1

Trust: 1.0

vendor:mcafeemodel:data exchange layerscope:gteversion:5.0.0

Trust: 1.0

vendor:mcafeemodel:threat intelligence exchangescope:gteversion:2.0.0

Trust: 1.0

vendor:mcafeemodel:threat intelligence exchangescope:lteversion:2.3.1

Trust: 1.0

vendor:mcafeemodel:data exchange layerscope:ltversion:5.0.1 hf2

Trust: 0.8

vendor:mcafeemodel:threat intelligence exchangescope:ltversion:2.3.1 hf1

Trust: 0.8

vendor:mcafeemodel:dxl platform hf2scope:eqversion:5.*<5.0.1

Trust: 0.6

vendor:mcafeemodel:dxl platform hf3scope:eqversion:4.*<4.1.2

Trust: 0.6

vendor:mcafeemodel:tie server hf1scope:eqversion:2.*<2.3.1

Trust: 0.6

vendor:mcafeemodel:threat intelligence exchangescope:eqversion:2.2

Trust: 0.3

vendor:mcafeemodel:threat intelligence exchangescope:eqversion:2.1

Trust: 0.3

vendor:mcafeemodel:threat intelligence exchangescope:eqversion:2.0

Trust: 0.3

vendor:mcafeemodel:data exchange layerscope:eqversion:5.0

Trust: 0.3

vendor:mcafeemodel:data exchange layerscope:eqversion:4.0

Trust: 0.3

vendor:mcafeemodel:threat intelligence exchange hotfixscope:neversion:2.3.11

Trust: 0.3

vendor:mcafeemodel:threat intelligence exchange hotfixscope:neversion:2.2.01

Trust: 0.3

vendor:mcafeemodel:data exchange layer hotfixscope:neversion:5.0.12

Trust: 0.3

vendor:mcafeemodel:data exchange layer hotfixscope:neversion:4.1.23

Trust: 0.3

vendor:mcafeemodel:data exchange layer hotfixscope:neversion:4.0.09

Trust: 0.3

sources: CNVD: CNVD-2019-13847 // BID: 108524 // JVNDB: JVNDB-2019-003337 // NVD: CVE-2019-3612

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-3612
value: MEDIUM

Trust: 1.0

trellixpsirt@trellix.com: CVE-2019-3612
value: HIGH

Trust: 1.0

NVD: CVE-2019-3612
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-13847
value: LOW

Trust: 0.6

CNNVD: CNNVD-201904-537
value: MEDIUM

Trust: 0.6

VULMON: CVE-2019-3612
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-3612
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-13847
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-3612
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.8
impactScore: 3.6
version: 3.1

Trust: 1.0

trellixpsirt@trellix.com: CVE-2019-3612
baseSeverity: HIGH
baseScore: 8.2
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.5
impactScore: 6.0
version: 3.0

Trust: 1.0

NVD: CVE-2019-3612
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-13847 // VULMON: CVE-2019-3612 // JVNDB: JVNDB-2019-003337 // CNNVD: CNNVD-201904-537 // NVD: CVE-2019-3612 // NVD: CVE-2019-3612

PROBLEMTYPE DATA

problemtype:CWE-312

Trust: 1.0

problemtype:CWE-200

Trust: 0.8

sources: JVNDB: JVNDB-2019-003337 // NVD: CVE-2019-3612

THREAT TYPE

local

Trust: 0.9

sources: BID: 108524 // CNNVD: CNNVD-201904-537

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201904-537

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-003337

PATCH
title:SB10279url:https://kc.mcafee.com/corporate/index?page=content&id=SB10279
Trust: 0.8
title:Patch for McAfeeDXLPlatform and McAfeeTIEServer Information Disclosure Vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/160979
Trust: 0.6
title:McAfee DXL Platform  and McAfee TIE Server Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91352
Trust: 0.6
title: - url:https://github.com/Live-Hack-CVE/CVE-2019-3612 
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-13847 // 
            
            
            
            VULMON: CVE-2019-3612 // 
            
            
            
            JVNDB: JVNDB-2019-003337 // 
            
            
            
            CNNVD: CNNVD-201904-537

EXTERNAL IDS
db:NVDid:CVE-2019-3612
Trust: 3.4
db:MCAFEEid:SB10279
Trust: 2.0
db:JVNDBid:JVNDB-2019-003337
Trust: 0.8
db:CNVDid:CNVD-2019-13847
Trust: 0.6
db:CNNVDid:CNNVD-201904-537
Trust: 0.6
db:BIDid:108524
Trust: 0.3
db:VULMONid:CVE-2019-3612
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-13847 // 
            
            
            
            VULMON: CVE-2019-3612 // 
            
            
            
            BID: 108524 // 
            
            
            
            JVNDB: JVNDB-2019-003337 // 
            
            
            
            CNNVD: CNNVD-201904-537 // 
            
            
            
            NVD: CVE-2019-3612

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2019-3612
Trust: 2.0
url:https://kc.mcafee.com/corporate/index?page=content&id=sb10279
Trust: 2.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3612
Trust: 0.8
url:https://www.mcafee.com/en-us/index.html
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/312.html
Trust: 0.1
url:https://github.com/live-hack-cve/cve-2019-3612
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-13847 // 
            
            
            
            VULMON: CVE-2019-3612 // 
            
            
            
            BID: 108524 // 
            
            
            
            JVNDB: JVNDB-2019-003337 // 
            
            
            
            CNNVD: CNNVD-201904-537 // 
            
            
            
            NVD: CVE-2019-3612

CREDITS
McAfee
Trust: 0.3
sources:
            
            
            BID: 108524

SOURCES
db:CNVDid:CNVD-2019-13847
db:VULMONid:CVE-2019-3612
db:BIDid:108524
db:JVNDBid:JVNDB-2019-003337
db:CNNVDid:CNNVD-201904-537
db:NVDid:CVE-2019-3612

LAST UPDATE DATE
2024-11-23T22:33:57.272000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-13847date:2019-05-13T00:00:00
db:VULMONid:CVE-2019-3612date:2023-02-03T00:00:00
db:BIDid:108524date:2019-04-09T00:00:00
db:JVNDBid:JVNDB-2019-003337date:2019-05-15T00:00:00
db:CNNVDid:CNNVD-201904-537date:2020-08-25T00:00:00
db:NVDid:CVE-2019-3612date:2024-11-21T04:42:14.780

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-13847date:2019-05-13T00:00:00
db:VULMONid:CVE-2019-3612date:2019-04-10T00:00:00
db:BIDid:108524date:2019-04-09T00:00:00
db:JVNDBid:JVNDB-2019-003337date:2019-05-15T00:00:00
db:CNNVDid:CNNVD-201904-537date:2019-04-10T00:00:00
db:NVDid:CVE-2019-3612date:2019-04-10T20:29:01.177