Threat Intelligence Exchange Server
CVE-2019-3641
MEDIUM
Severity by source
AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N
Lifecycle Timeline
1DescriptionNVD
Abuse of Authorization vulnerability in APIs exposed by TIE server in McAfee Threat Intelligence Exchange Server (TIE Server) 3.0.0 allows remote authenticated users to modify stored reputation data via specially crafted messages.
AnalysisAI
Abuse of Authorization vulnerability in APIs exposed by TIE server in McAfee Threat Intelligence Exchange Server (TIE Server) 3.0.0 allows remote authenticated users to modify stored reputation data. Rated medium severity (CVSS 4.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-285. Abuse of Authorization vulnerability in APIs exposed by TIE server in McAfee Threat Intelligence Exchange Server (TIE Server) 3.0.0 allows remote authenticated users to modify stored reputation data via specially crafted messages. Affected products include: Mcafee Threat Intelligence Exchange Server.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. Rated
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, an
SSH host keys generation vulnerability in the server in McAfee Threat Intelligence Exchange Server (TIE Server) 1.3.0, 2
Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Rated medium severity
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Rated medium severity (CVSS
Same weakness CWE-285 – Improper Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today