Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2019.0103 McAfee Security Bulletin - Data Exchange Layer and Threat Intelligence Exchange updates fix an information disclosure vulnerability (CVE-2019-3612) (SB10279) 15 April 2019 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: McAfee Data Exchange Layer McAfee Threat Intelligence Exchange Operating System: Linux variants Impact/Access: Access Confidential Data -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2019-3612 Member content until: Wednesday, May 15 2019 OVERVIEW A vulnerability has been identified in McAfee Data Exchange Layer and Threat Intelligence Exchange. [1] IMPACT The vendor has provided the following information: "CVE-2019-3612: Disclosure of sensitive information to local users Information Disclosure vulnerability in McAfee DXL Platform earlier than 5.0.1 HF1 and TIE Server earlier than 2.3.1 HF1 allows authenticated users to view sensitive information in plain text via the GUI or command line. http://web.nvd.nist.gov/view/vuln/detailvulnId=CVE-2019-3612 http://cve.mitre.org/cgi-bin/cvename.cginame=CVE-2019-3612" [1] MITIGATION McAfee recommends updating to McAfee Data Exchange Layer versions 5.0.1 Hotfix 2 (HF2), 4.1.2 Hotfix 3 (HF3) and updating McAfee Threat Intelligence Exchange (TIE) Server version 2.3.1 Hotfix 1 (HF1) to address this vulnerability. [1] REFERENCES [1] McAfee Security Bulletin - Data Exchange Layer and Threat Intelligence Exchange updates fix an information disclosure vulnerability (CVE-2019-3612) https://kc.mcafee.com/corporate/index?page=content&id=SB10279 AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXLPwi2aOgq3Tt24GAQhIFxAA3NwjHlmLVItYArpgIPwwVKFIjZxX/ERj nLLxvrm7LQSj6XGunnhE7hZpLN343yMLLyCCuvbYMIEL3KU8MZUGu6JZYrcW0HRv tL63ktpRB+bAQ1fGU5SnB+jbtqt6DM97rsD0lDmibkNU0Iz8NWb/PmX4SBtTwkdA nCQKiMxxlB4azvXqVY03UgIhZ0R3XH1Vh3LGjGtQvFg51h7bcMOX+Hf5bFERHSny 0wDBFPV2UqAI3XYWtiGHXlJp1b+4k2aKQUMGtC1f5kHXm9GcptBbybL0QHh+DCsO sKcd4xySWq3kuu8M/XjLbjHAcH1CORmmiyPQC3DICNjWmbO2XsYVV+dEsZd7TVSK PovAfe4xBN90BOeymLR9OXp6gDMC0TLHL7DDuSmvLUSz9NaeusdrnebhDIHRfsfz cW4knp/L2PW3oQ2QL6fOquKEcirrlgmNYBmNyO7exT+d71SWsPm4tt4Q0EuIxSSW u8PE7AR7qwZ3gIvpQE2zyvlL0MmKR5U6nUVtHSo1UNSNuiL1oMBIfVx6v5ov7EQx +Wq7xIYZPRDfYpgk4Rlc2R3bb+4YySrsCkPsO9CKGUSTEbEOEdiJ0hqB/nNT+c5L Oga6E95e/+ATr+XsTk5K3DV5YCkFFsQD9O9cWFzY+ppTKMASakyBqTjY/+5H5C2T X7oQv3NW9UI= =YYAC -----END PGP SIGNATURE-----