CVE-2019-3612

CWE-312 — Cleartext Storage of Sensitive Info3 documents3 sources

Severity

4.4MEDIUM

EPSS

0.0%

top 85.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mcafee, LLC Data Exchange Layer (dxl) Platform Mcafee, LLC Threat Intelligence Exchange (tie) Server Mcafee Data Exchange Layer +1 more

Timeline

PublishedApr 10

Latest updateMay 13

Description

Information Disclosure vulnerability in McAfee DXL Platform and TIE Server in DXL prior to 5.0.1 HF2 and TIE prior to 2.3.1 HF1 allows Authenticated users to view sensitive information in plain text via the GUI or command line.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 0.8 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5mcafee,_llc/data_exchange_layer_(dxl)_platformunspecified — 5.0.1 HF2

▶CVEListV5mcafee,_llc/threat_intelligence_exchange_(tie)_serverunspecified — 2.3.1 HF1

▶NVDmcafee/data_exchange_layer4.0.0 — 4.1.2+1

▶NVDmcafee/threat_intelligence_exchange2.0.0 — 2.3.1

🔴Vulnerability Details

GHSA

GHSA-7v4x-qvrr-x26c: Information Disclosure vulnerability in McAfee DXL Platform and TIE Server in DXL prior to 5↗2022-05-13

▶

CVEList

Information disclosure vulnerability in McAfee TIE Server and DXL Platform↗2019-04-10

▶