CVE-2019-3641 — Improper Authorization in LLC Threat Intelligence Exchange Server

CWE-285 — Improper Authorization3 documents3 sources

Severity

4.5MEDIUMNVD

EPSS

0.2%

top 53.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mcafee LLC Threat Intelligence Exchange Server Mcafee Threat Intelligence Exchange Server

Timeline

PublishedNov 13

Latest updateMay 24

Description

Abuse of Authorization vulnerability in APIs exposed by TIE server in McAfee Threat Intelligence Exchange Server (TIE Server) 3.0.0 allows remote authenticated users to modify stored reputation data via specially crafted messages.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:NExploitability: 0.9 | Impact: 3.6

Affected Packages2 packages

▶NVDmcafee/threat_intelligence_exchange_server3.0.0

▶CVEListV5mcafee_llc/threat_intelligence_exchange_server3.0.x 3.0.0

🔴Vulnerability Details

GHSA

GHSA-qfxj-w5h6-q54f: Abuse of Authorization vulnerability in APIs exposed by TIE server in McAfee Threat Intelligence Exchange Server (TIE Server) 3↗2022-05-24

▶

CVEList

Exploitation of Authorization in TIE Server↗2019-11-13

▶