Updated CVE-2019-3641

SB is live
2025-08-04 08:44:25 +00:00 · 2019-11-13 16:03:25 +05:30 · 2019-11-13 16:03:25 +05:30 · 7c56c40267
commit 7c56c40267
parent 64f9106996
1 changed files with 73 additions and 4 deletions
--- a/2019/3xxx/CVE-2019-3641.json
+++ b/2019/3xxx/CVE-2019-3641.json
@ -1,8 +1,34 @@
 {
    "CVE_data_meta": {
-        "ASSIGNER": "cve@mitre.org",
+        "ASSIGNER": "psirt@mcafee.com",
        "ID": "CVE-2019-3641",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC",
+        "TITLE": "Exploitation of Authorization in TIE Server"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Threat Intelligence Exchange Server (TIE Server)",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_affected": "=",
+                                            "version_name": "3.0.x",
+                                            "version_value": "3.0.0"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "McAfee,LLC"
+                }
+            ]
+        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
@ -11,8 +37,51 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "Abuse of Authorization vulnerability in APIs exposed by TIE server in McAfee Threat Intelligence Exchange Server (TIE Server) 3.0.0 allows remote authenticated users to modify stored reputation data via specially crafted messages."
            }
        ]
+    },
+    "generator": {
+        "engine": "Vulnogram 0.0.9"
+    },
+    "impact": {
+        "cvss": {
+            "attackComplexity": "LOW",
+            "attackVector": "NETWORK",
+            "availabilityImpact": "NONE",
+            "baseScore": 4.5,
+            "baseSeverity": "MEDIUM",
+            "confidentialityImpact": "NONE",
+            "integrityImpact": "HIGH",
+            "privilegesRequired": "HIGH",
+            "scope": "UNCHANGED",
+            "userInteraction": "REQUIRED",
+            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N",
+            "version": "3.1"
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-285 Improper Authorization"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10303",
+                "refsource": "CONFIRM",
+                "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10303"
+            }
+        ]
+    },
+    "source": {
+        "discovery": "INTERNAL"
    }
-}
+}