Vulnerability Details : CVE-2019-3612
Information Disclosure vulnerability in McAfee DXL Platform and TIE Server in DXL prior to 5.0.1 HF2 and TIE prior to 2.3.1 HF1 allows Authenticated users to view sensitive information in plain text via the GUI or command line.
Vulnerability category: Information leak
Products affected by CVE-2019-3612
- Mcafee » Threat Intelligence ExchangeVersions from including (>=) 2.0.0 and up to, including, (<=) 2.3.1cpe:2.3:a:mcafee:threat_intelligence_exchange:*:*:*:*:*:*:*:*
- cpe:2.3:a:mcafee:data_exchange_layer:*:*:*:*:*:*:*:*
- cpe:2.3:a:mcafee:data_exchange_layer:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-3612
0.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 12 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-3612
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
2.1
|
LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N |
3.9
|
2.9
|
NIST | |
|
8.2
|
HIGH | CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
1.5
|
6.0
|
McAfee (DEFUNCT) | |
|
4.4
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
0.8
|
3.6
|
NIST |
CWE ids for CVE-2019-3612
-
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-3612
-
https://kc.mcafee.com/corporate/index?page=content&id=SB10279
McAfee Security Bulletin - Data Exchange Layer and Threat Intelligence Exchange updates fix an information disclosure vulnerability (CVE-2019-3612)Patch;Vendor Advisory
Jump to