cvelistv5 - CVE-2019-3612

CVE-2019-3612 (GCVE-0-2019-3612)

Vulnerability from cvelistv5 – Published: 2019-04-10 20:10 – Updated: 2024-08-04 19:12

Summary

Severity ?

8.2 (High)


                        
                          CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE

Information Disclosure vulnerability

Assigner

trellix

References

URL

Tags

https://kc.mcafee.com/corporate/index?page=conten…

x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

McAfee, LLC

Data eXchange Layer (DXL) Platform

Affected: unspecified , < 5.0.1 HF2 (custom)

McAfee, LLC

Threat Intelligence Exchange (TIE) Server

Affected: unspecified , < 2.3.1 HF1 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:12:09.709Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10279"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Data eXchange Layer (DXL) Platform",
          "vendor": "McAfee, LLC",
          "versions": [
            {
              "lessThan": "5.0.1 HF2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Threat Intelligence Exchange (TIE) Server",
          "vendor": "McAfee, LLC",
          "versions": [
            {
              "lessThan": "2.3.1 HF1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Information Disclosure vulnerability in McAfee DXL Platform and TIE Server in DXL prior to 5.0.1 HF2 and TIE prior to 2.3.1 HF1 allows Authenticated users to view sensitive information in plain text via the GUI or command line."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Disclosure vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-04-10T20:10:39",
        "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "shortName": "trellix"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10279"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Information disclosure vulnerability in McAfee TIE Server and DXL Platform",
      "x_generator": {
        "engine": "Vulnogram 0.0.6"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@mcafee.com",
          "ID": "CVE-2019-3612",
          "STATE": "PUBLIC",
          "TITLE": "Information disclosure vulnerability in McAfee TIE Server and DXL Platform"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Data eXchange Layer (DXL) Platform",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "5.0.1 HF2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Threat Intelligence Exchange (TIE) Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "2.3.1 HF1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "McAfee, LLC"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Information Disclosure vulnerability in McAfee DXL Platform and TIE Server in DXL prior to 5.0.1 HF2 and TIE prior to 2.3.1 HF1 allows Authenticated users to view sensitive information in plain text via the GUI or command line."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.6"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information Disclosure vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10279",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10279"
            }
          ]
        },
        "source": {
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
    "assignerShortName": "trellix",
    "cveId": "CVE-2019-3612",
    "datePublished": "2019-04-10T20:10:39",
    "dateReserved": "2019-01-03T00:00:00",
    "dateUpdated": "2024-08-04T19:12:09.709Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mcafee:data_exchange_layer:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.0.0\", \"versionEndIncluding\": \"4.1.2\", \"matchCriteriaId\": \"6FDFFFE7-7B54-4E27-9B9D-47529DB779D7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mcafee:data_exchange_layer:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.0.0\", \"versionEndIncluding\": \"5.0.1\", \"matchCriteriaId\": \"9D29F800-96C8-46B3-A797-EA82ADD6AC72\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mcafee:threat_intelligence_exchange:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.0.0\", \"versionEndIncluding\": \"2.3.1\", \"matchCriteriaId\": \"96EF0072-9343-49A7-95BC-474EA77FA457\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Information Disclosure vulnerability in McAfee DXL Platform and TIE Server in DXL prior to 5.0.1 HF2 and TIE prior to 2.3.1 HF1 allows Authenticated users to view sensitive information in plain text via the GUI or command line.\"}, {\"lang\": \"es\", \"value\": \"Se presenta una vulnerabilidad de divulgaci\\u00f3n de informaci\\u00f3n en McAfee DXL Platform y TIE Server en DXL versi\\u00f3n anterior a 5.0.1 HF2 y TIE versi\\u00f3n anterior a 2.3.1 HF1 este permite a los usuarios autenticados ver informaci\\u00f3n confidencial en texto plano por medio de la GUI o la l\\u00ednea de comandos.\"}]",
      "id": "CVE-2019-3612",
      "lastModified": "2024-11-21T04:42:14.780",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 4.4, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 0.8, \"impactScore\": 3.6}], \"cvssMetricV30\": [{\"source\": \"trellixpsirt@trellix.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\", \"baseScore\": 8.2, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.5, \"impactScore\": 6.0}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 2.1, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 3.9, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2019-04-10T20:29:01.177",
      "references": "[{\"url\": \"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10279\", \"source\": \"trellixpsirt@trellix.com\"}, {\"url\": \"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10279\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "trellixpsirt@trellix.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-312\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-3612\",\"sourceIdentifier\":\"trellixpsirt@trellix.com\",\"published\":\"2019-04-10T20:29:01.177\",\"lastModified\":\"2024-11-21T04:42:14.780\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Information Disclosure vulnerability in McAfee DXL Platform and TIE Server in DXL prior to 5.0.1 HF2 and TIE prior to 2.3.1 HF1 allows Authenticated users to view sensitive information in plain text via the GUI or command line.\"},{\"lang\":\"es\",\"value\":\"Se presenta una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en McAfee DXL Platform y TIE Server en DXL versi\u00f3n anterior a 5.0.1 HF2 y TIE versi\u00f3n anterior a 2.3.1 HF1 este permite a los usuarios autenticados ver informaci\u00f3n confidencial en texto plano por medio de la GUI o la l\u00ednea de comandos.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":4.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":0.8,\"impactScore\":3.6}],\"cvssMetricV30\":[{\"source\":\"trellixpsirt@trellix.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":8.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.5,\"impactScore\":6.0}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":2.1,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-312\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:data_exchange_layer:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.0.0\",\"versionEndIncluding\":\"4.1.2\",\"matchCriteriaId\":\"6FDFFFE7-7B54-4E27-9B9D-47529DB779D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:data_exchange_layer:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.0.0\",\"versionEndIncluding\":\"5.0.1\",\"matchCriteriaId\":\"9D29F800-96C8-46B3-A797-EA82ADD6AC72\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:threat_intelligence_exchange:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.0.0\",\"versionEndIncluding\":\"2.3.1\",\"matchCriteriaId\":\"96EF0072-9343-49A7-95BC-474EA77FA457\"}]}]}],\"references\":[{\"url\":\"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10279\",\"source\":\"trellixpsirt@trellix.com\"},{\"url\":\"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10279\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

VAR-201904-0125

Vulnerability from variot - Updated: 2023-12-18 13:02

Information Disclosure vulnerability in McAfee DXL Platform and TIE Server in DXL prior to 5.0.1 HF2 and TIE prior to 2.3.1 HF1 allows Authenticated users to view sensitive information in plain text via the GUI or command line. McAfeeDXLPlatform and McAfeeTIEServer are products of McAfee. McAfeeDXLPlatform is a data exchange layer platform. McAfeeTIEServer is a cyber threat defense server. An information disclosure vulnerability exists in the 5.x version prior to McAfeeDXLPlatform5.0.1HF2, the 4.x version prior to 4.1.22HF3, and the 2.x version prior to TIEServer2.3.1HF1. The vulnerability stems from the configuration of the network system or product during operation. Waiting for the error. An unauthorized attacker can exploit the vulnerability to obtain sensitive information about the affected component

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201904-0125",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "data exchange layer",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "mcafee",
        "version": "5.0.0"
      },
      {
        "model": "data exchange layer",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "mcafee",
        "version": "5.0.1"
      },
      {
        "model": "threat intelligence exchange",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "mcafee",
        "version": "2.3.1"
      },
      {
        "model": "threat intelligence exchange",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "mcafee",
        "version": "2.0.0"
      },
      {
        "model": "data exchange layer",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "mcafee",
        "version": "4.1.2"
      },
      {
        "model": "data exchange layer",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "mcafee",
        "version": "4.0.0"
      },
      {
        "model": "data exchange layer",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "mcafee",
        "version": "5.0.1 hf2"
      },
      {
        "model": "threat intelligence exchange",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "mcafee",
        "version": "2.3.1 hf1"
      },
      {
        "model": "dxl platform hf2",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "mcafee",
        "version": "5.*\u003c5.0.1"
      },
      {
        "model": "dxl platform hf3",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "mcafee",
        "version": "4.*\u003c4.1.2"
      },
      {
        "model": "tie server hf1",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "mcafee",
        "version": "2.*\u003c2.3.1"
      },
      {
        "model": "threat intelligence exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "2.2"
      },
      {
        "model": "threat intelligence exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "2.1"
      },
      {
        "model": "threat intelligence exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "2.0"
      },
      {
        "model": "data exchange layer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "5.0"
      },
      {
        "model": "data exchange layer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "4.0"
      },
      {
        "model": "threat intelligence exchange hotfix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "2.3.11"
      },
      {
        "model": "threat intelligence exchange hotfix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "2.2.01"
      },
      {
        "model": "data exchange layer hotfix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "5.0.12"
      },
      {
        "model": "data exchange layer hotfix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "4.1.23"
      },
      {
        "model": "data exchange layer hotfix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "4.0.09"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-13847"
      },
      {
        "db": "BID",
        "id": "108524"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003337"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3612"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:data_exchange_layer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.1.2",
                "versionStartIncluding": "4.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:data_exchange_layer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.0.1",
                "versionStartIncluding": "5.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:threat_intelligence_exchange:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.3.1",
                "versionStartIncluding": "2.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-3612"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "McAfee",
    "sources": [
      {
        "db": "BID",
        "id": "108524"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2019-3612",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "LOW",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 2.1,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2019-3612",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2019-13847",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 0.8,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "trellixpsirt@trellix.com",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.5,
            "impactScore": 6.0,
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.4,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-3612",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-3612",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "trellixpsirt@trellix.com",
            "id": "CVE-2019-3612",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-13847",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201904-537",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-3612",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-13847"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-3612"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003337"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3612"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3612"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-537"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Information Disclosure vulnerability in McAfee DXL Platform and TIE Server in DXL prior to 5.0.1 HF2 and TIE prior to 2.3.1 HF1 allows Authenticated users to view sensitive information in plain text via the GUI or command line. McAfeeDXLPlatform and McAfeeTIEServer are products of McAfee. McAfeeDXLPlatform is a data exchange layer platform. McAfeeTIEServer is a cyber threat defense server. An information disclosure vulnerability exists in the 5.x version prior to McAfeeDXLPlatform5.0.1HF2, the 4.x version prior to 4.1.22HF3, and the 2.x version prior to TIEServer2.3.1HF1. The vulnerability stems from the configuration of the network system or product during operation. Waiting for the error. An unauthorized attacker can exploit the vulnerability to obtain sensitive information about the affected component",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-3612"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003337"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-13847"
      },
      {
        "db": "BID",
        "id": "108524"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-3612"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-3612",
        "trust": 3.4
      },
      {
        "db": "MCAFEE",
        "id": "SB10279",
        "trust": 2.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003337",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-13847",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-537",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "108524",
        "trust": 0.3
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-3612",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-13847"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-3612"
      },
      {
        "db": "BID",
        "id": "108524"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003337"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3612"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-537"
      }
    ]
  },
  "id": "VAR-201904-0125",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-13847"
      }
    ],
    "trust": 1.6
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-13847"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:02:15.565000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SB10279",
        "trust": 0.8,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10279"
      },
      {
        "title": "Patch for McAfeeDXLPlatform and McAfeeTIEServer Information Disclosure Vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/160979"
      },
      {
        "title": "McAfee DXL Platform  and McAfee TIE Server Repair measures for information disclosure vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=91352"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2019-3612 "
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-13847"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-3612"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003337"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-537"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-312",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-200",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003337"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3612"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3612"
      },
      {
        "trust": 2.0,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10279"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3612"
      },
      {
        "trust": 0.3,
        "url": "https://www.mcafee.com/en-us/index.html"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/312.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2019-3612"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-13847"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-3612"
      },
      {
        "db": "BID",
        "id": "108524"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003337"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3612"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-537"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-13847"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-3612"
      },
      {
        "db": "BID",
        "id": "108524"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003337"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3612"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-537"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-05-13T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-13847"
      },
      {
        "date": "2019-04-10T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-3612"
      },
      {
        "date": "2019-04-09T00:00:00",
        "db": "BID",
        "id": "108524"
      },
      {
        "date": "2019-05-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-003337"
      },
      {
        "date": "2019-04-10T20:29:01.177000",
        "db": "NVD",
        "id": "CVE-2019-3612"
      },
      {
        "date": "2019-04-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201904-537"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-05-13T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-13847"
      },
      {
        "date": "2023-02-03T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-3612"
      },
      {
        "date": "2019-04-09T00:00:00",
        "db": "BID",
        "id": "108524"
      },
      {
        "date": "2019-05-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-003337"
      },
      {
        "date": "2023-11-07T03:10:00.283000",
        "db": "NVD",
        "id": "CVE-2019-3612"
      },
      {
        "date": "2020-08-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201904-537"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "108524"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-537"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "McAfee DXL Platform and McAfee TIE Server Information Disclosure Vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-13847"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-537"
      }
    ],
    "trust": 1.2
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-537"
      }
    ],
    "trust": 0.6
  }
}

CNVD-2019-13847

Vulnerability from cnvd - Published: 2019-05-13

Title

McAfee DXL Platform和McAfee TIE Server信息泄露漏洞

Description

McAfee DXL Platform和McAfee TIE Server都是美国迈克菲（McAfee）公司的产品。McAfee DXL Platform是一套数据交换层平台。McAfee TIE Server是一款网络威胁防御服务器。 McAfee DXL Platform 5.0.1 HF2之前的5.x版本、4.1.2 HF3之前的4.x版本和TIE Server 2.3.1 HF1之前的2.x版本存在信息泄露漏洞，该漏洞源于网络系统或产品在运行过程中存在配置等错误。未授权的攻击者可利用漏洞获取受影响组件敏感信息。

Severity

低

Patch Name

McAfee DXL Platform和McAfee TIE Server信息泄露漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://kc.mcafee.com/corporate/index?page=content&id;=SB10279

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-3612

Impacted products

Name
['McAfee DXL Platform 5.，<5.0.1 HF2', 'McAfee DXL Platform 4.，<4.1.2 HF3', 'McAfee TIE Server 2.*，<2.3.1 HF1']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-3612"
    }
  },
  "description": "McAfee DXL Platform\u548cMcAfee TIE Server\u90fd\u662f\u7f8e\u56fd\u8fc8\u514b\u83f2\uff08McAfee\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002McAfee DXL Platform\u662f\u4e00\u5957\u6570\u636e\u4ea4\u6362\u5c42\u5e73\u53f0\u3002McAfee TIE Server\u662f\u4e00\u6b3e\u7f51\u7edc\u5a01\u80c1\u9632\u5fa1\u670d\u52a1\u5668\u3002\n\nMcAfee DXL Platform 5.0.1 HF2\u4e4b\u524d\u76845.x\u7248\u672c\u30014.1.2 HF3\u4e4b\u524d\u76844.x\u7248\u672c\u548cTIE Server 2.3.1 HF1\u4e4b\u524d\u76842.x\u7248\u672c\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u5728\u8fd0\u884c\u8fc7\u7a0b\u4e2d\u5b58\u5728\u914d\u7f6e\u7b49\u9519\u8bef\u3002\u672a\u6388\u6743\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u83b7\u53d6\u53d7\u5f71\u54cd\u7ec4\u4ef6\u654f\u611f\u4fe1\u606f\u3002",
  "discovererName": "unKnow",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://kc.mcafee.com/corporate/index?page=content\u0026id;=SB10279",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-13847",
  "openTime": "2019-05-13",
  "patchDescription": "McAfee DXL Platform\u548cMcAfee TIE Server\u90fd\u662f\u7f8e\u56fd\u8fc8\u514b\u83f2\uff08McAfee\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002McAfee DXL Platform\u662f\u4e00\u5957\u6570\u636e\u4ea4\u6362\u5c42\u5e73\u53f0\u3002McAfee TIE Server\u662f\u4e00\u6b3e\u7f51\u7edc\u5a01\u80c1\u9632\u5fa1\u670d\u52a1\u5668\u3002\r\n\r\nMcAfee DXL Platform 5.0.1 HF2\u4e4b\u524d\u76845.x\u7248\u672c\u30014.1.2 HF3\u4e4b\u524d\u76844.x\u7248\u672c\u548cTIE Server 2.3.1 HF1\u4e4b\u524d\u76842.x\u7248\u672c\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u5728\u8fd0\u884c\u8fc7\u7a0b\u4e2d\u5b58\u5728\u914d\u7f6e\u7b49\u9519\u8bef\u3002\u672a\u6388\u6743\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u83b7\u53d6\u53d7\u5f71\u54cd\u7ec4\u4ef6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "McAfee DXL Platform\u548cMcAfee TIE Server\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "McAfee DXL Platform 5.*\uff0c\u003c5.0.1 HF2",
      "McAfee DXL Platform 4.*\uff0c\u003c4.1.2 HF3",
      "McAfee TIE Server 2.*\uff0c\u003c2.3.1 HF1"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-3612",
  "serverity": "\u4f4e",
  "submitTime": "2019-04-12",
  "title": "McAfee DXL Platform\u548cMcAfee TIE Server\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

GHSA-7V4X-QVRR-X26C

Vulnerability from github – Published: 2022-05-13 01:22 – Updated: 2022-05-13 01:22

Details

Severity ?

4.4 (Medium)


                  
                    CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-3612"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-312"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-04-10T20:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Information Disclosure vulnerability in McAfee DXL Platform and TIE Server in DXL prior to 5.0.1 HF2 and TIE prior to 2.3.1 HF1 allows Authenticated users to view sensitive information in plain text via the GUI or command line.",
  "id": "GHSA-7v4x-qvrr-x26c",
  "modified": "2022-05-13T01:22:28Z",
  "published": "2022-05-13T01:22:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3612"
    },
    {
      "type": "WEB",
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10279"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2019-3612

Vulnerability from gsd - Updated: 2023-12-13 01:24

Details

Aliases

CVE-2019-3612

Aliases

CVE-2019-3612

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-3612",
    "description": "Information Disclosure vulnerability in McAfee DXL Platform and TIE Server in DXL prior to 5.0.1 HF2 and TIE prior to 2.3.1 HF1 allows Authenticated users to view sensitive information in plain text via the GUI or command line.",
    "id": "GSD-2019-3612"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-3612"
      ],
      "details": "Information Disclosure vulnerability in McAfee DXL Platform and TIE Server in DXL prior to 5.0.1 HF2 and TIE prior to 2.3.1 HF1 allows Authenticated users to view sensitive information in plain text via the GUI or command line.",
      "id": "GSD-2019-3612",
      "modified": "2023-12-13T01:24:02.819546Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@mcafee.com",
        "ID": "CVE-2019-3612",
        "STATE": "PUBLIC",
        "TITLE": "Information disclosure vulnerability in McAfee TIE Server and DXL Platform"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Data eXchange Layer (DXL) Platform",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "5.0.1 HF2"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Threat Intelligence Exchange (TIE) Server",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "2.3.1 HF1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "McAfee, LLC"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Information Disclosure vulnerability in McAfee DXL Platform and TIE Server in DXL prior to 5.0.1 HF2 and TIE prior to 2.3.1 HF1 allows Authenticated users to view sensitive information in plain text via the GUI or command line."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.0.6"
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 8.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.0"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Information Disclosure vulnerability"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10279",
            "refsource": "CONFIRM",
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10279"
          }
        ]
      },
      "source": {
        "discovery": "INTERNAL"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:data_exchange_layer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.1.2",
                "versionStartIncluding": "4.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:data_exchange_layer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.0.1",
                "versionStartIncluding": "5.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:threat_intelligence_exchange:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.3.1",
                "versionStartIncluding": "2.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@mcafee.com",
          "ID": "CVE-2019-3612"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Information Disclosure vulnerability in McAfee DXL Platform and TIE Server in DXL prior to 5.0.1 HF2 and TIE prior to 2.3.1 HF1 allows Authenticated users to view sensitive information in plain text via the GUI or command line."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-312"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10279",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10279"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 0.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2023-02-03T20:42Z",
      "publishedDate": "2019-04-10T20:29Z"
    }
  }
}

FKIE_CVE-2019-3612

Vulnerability from fkie_nvd - Published: 2019-04-10 20:29 - Updated: 2024-11-21 04:42

Severity ?

4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Summary

References

	URL	Tags
	trellixpsirt@trellix.com	https://kc.mcafee.com/corporate/index?page=content&id=SB10279
	af854a3a-2127-422b-91ae-364da2661108	https://kc.mcafee.com/corporate/index?page=content&id=SB10279

Impacted products

Vendor	Product	Version
mcafee	data_exchange_layer	*
mcafee	data_exchange_layer	*
mcafee	threat_intelligence_exchange	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mcafee:data_exchange_layer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FDFFFE7-7B54-4E27-9B9D-47529DB779D7",
              "versionEndIncluding": "4.1.2",
              "versionStartIncluding": "4.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:data_exchange_layer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D29F800-96C8-46B3-A797-EA82ADD6AC72",
              "versionEndIncluding": "5.0.1",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:threat_intelligence_exchange:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "96EF0072-9343-49A7-95BC-474EA77FA457",
              "versionEndIncluding": "2.3.1",
              "versionStartIncluding": "2.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Information Disclosure vulnerability in McAfee DXL Platform and TIE Server in DXL prior to 5.0.1 HF2 and TIE prior to 2.3.1 HF1 allows Authenticated users to view sensitive information in plain text via the GUI or command line."
    },
    {
      "lang": "es",
      "value": "Se presenta una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en McAfee DXL Platform y TIE Server en DXL versi\u00f3n anterior a 5.0.1 HF2 y TIE versi\u00f3n anterior a 2.3.1 HF1 este permite a los usuarios autenticados ver informaci\u00f3n confidencial en texto plano por medio de la GUI o la l\u00ednea de comandos."
    }
  ],
  "id": "CVE-2019-3612",
  "lastModified": "2024-11-21T04:42:14.780",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 8.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.5,
        "impactScore": 6.0,
        "source": "trellixpsirt@trellix.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 4.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-04-10T20:29:01.177",
  "references": [
    {
      "source": "trellixpsirt@trellix.com",
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10279"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10279"
    }
  ],
  "sourceIdentifier": "trellixpsirt@trellix.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-312"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-3612 (GCVE-0-2019-3612)

VAR-201904-0125

CNVD-2019-13847

GHSA-7V4X-QVRR-X26C

GSD-2019-3612

FKIE_CVE-2019-3612

Tags

Sightings

Nomenclature