Sign-up

ID

VAR-201911-0374


CVE

CVE-2019-3641


TITLE

McAfee Threat Intelligence Exchange Server Authentication vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-011959

DESCRIPTION

Abuse of Authorization vulnerability in APIs exposed by TIE server in McAfee Threat Intelligence Exchange Server (TIE Server) 3.0.0 allows remote authenticated users to modify stored reputation data via specially crafted messages. The vulnerability stems from the lack of authentication measures or insufficient authentication strength in network systems or products. No detailed vulnerability details are currently available

Trust: 2.16

sources: NVD: CVE-2019-3641 // JVNDB: JVNDB-2019-011959 // CNVD: CNVD-2020-22690

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-22690

AFFECTED PRODUCTS

vendor:mcafeemodel:threat intelligence exchange serverscope:eqversion:3.0.0

Trust: 2.4

sources: CNVD: CNVD-2020-22690 // JVNDB: JVNDB-2019-011959 // NVD: CVE-2019-3641

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-3641
value: MEDIUM

Trust: 1.0

trellixpsirt@trellix.com: CVE-2019-3641
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-3641
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-22690
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201911-726
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-3641
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-22690
severity: MEDIUM
baseScore: 6.1
vectorString: AV:N/AC:L/AU:M/C:N/I:C/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 6.4
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-3641
baseSeverity: MEDIUM
baseScore: 4.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 0.9
impactScore: 3.6
version: 3.1

Trust: 2.0

OTHER: JVNDB-2019-011959
baseSeverity: MEDIUM
baseScore: 4.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-22690 // JVNDB: JVNDB-2019-011959 // CNNVD: CNNVD-201911-726 // NVD: CVE-2019-3641 // NVD: CVE-2019-3641

PROBLEMTYPE DATA

problemtype:CWE-285

Trust: 1.0

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-287

Trust: 0.8

sources: JVNDB: JVNDB-2019-011959 // NVD: CVE-2019-3641

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201911-726

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201911-726

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-011959

PATCH
title:SB10303url:https://kc.mcafee.com/corporate/index?page=content&id=SB10303
Trust: 0.8
title:Patch for McAfee Threat Intelligence Exchange Server authorization issue vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/213737
Trust: 0.6
title:McAfee Threat Intelligence Exchange Server Remediation measures for authorization problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105207
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-22690 // 
            
            
            
            JVNDB: JVNDB-2019-011959 // 
            
            
            
            CNNVD: CNNVD-201911-726

EXTERNAL IDS
db:NVDid:CVE-2019-3641
Trust: 3.0
db:MCAFEEid:SB10303
Trust: 1.6
db:JVNDBid:JVNDB-2019-011959
Trust: 0.8
db:CNVDid:CNVD-2020-22690
Trust: 0.6
db:CNNVDid:CNNVD-201911-726
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-22690 // 
            
            
            
            JVNDB: JVNDB-2019-011959 // 
            
            
            
            CNNVD: CNNVD-201911-726 // 
            
            
            
            NVD: CVE-2019-3641

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2019-3641
Trust: 2.0
url:https://kc.mcafee.com/corporate/index?page=content&id=sb10303
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3641
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2020-22690 // 
            
            
            
            JVNDB: JVNDB-2019-011959 // 
            
            
            
            CNNVD: CNNVD-201911-726 // 
            
            
            
            NVD: CVE-2019-3641

SOURCES
db:CNVDid:CNVD-2020-22690
db:JVNDBid:JVNDB-2019-011959
db:CNNVDid:CNNVD-201911-726
db:NVDid:CVE-2019-3641

LAST UPDATE DATE
2024-11-23T21:36:32.499000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-22690date:2020-04-13T00:00:00
db:JVNDBid:JVNDB-2019-011959date:2019-11-21T00:00:00
db:CNNVDid:CNNVD-201911-726date:2020-10-19T00:00:00
db:NVDid:CVE-2019-3641date:2024-11-21T04:42:17.060

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-22690date:2020-04-13T00:00:00
db:JVNDBid:JVNDB-2019-011959date:2019-11-21T00:00:00
db:CNNVDid:CNNVD-201911-726date:2019-11-13T00:00:00
db:NVDid:CVE-2019-3641date:2019-11-13T11:15:10.560