{"api_version":"1","generated_at":"2026-04-22T22:49:23+00:00","cve":"CVE-2019-3641","urls":{"html":"https://cve.report/CVE-2019-3641","api":"https://cve.report/api/cve/CVE-2019-3641.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2019-3641","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2019-3641"},"summary":{"title":"CVE-2019-3641","description":"Abuse of Authorization vulnerability in APIs exposed by TIE server in McAfee Threat Intelligence Exchange Server (TIE Server) 3.0.0 allows remote authenticated users to modify stored reputation data via specially crafted messages.","state":"PUBLIC","assigner":"psirt@mcafee.com","published_at":"2019-11-13 11:15:00","updated_at":"2023-11-07 03:10:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10303","name":"https://kc.mcafee.com/corporate/index?page=content&id=SB10303","refsource":"CONFIRM","tags":["Patch","Vendor Advisory"],"title":"McAfee Security Bulletin - Threat Intelligence Exchange Server update fixes an Exploitation of Authorization vulnerability (CVE-2019-3641)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2019-3641","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3641","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2019","cve_id":"3641","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mcafee","cpe5":"threat_intelligence_exchange_server","cpe6":"3.0.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"3641","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mcafee","cpe5":"threat_intelligence_exchange_server","cpe6":"3.0.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"psirt@mcafee.com","ID":"CVE-2019-3641","STATE":"PUBLIC","TITLE":"Exploitation of Authorization in TIE Server"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Threat Intelligence Exchange Server (TIE Server)","version":{"version_data":[{"version_affected":"=","version_name":"3.0.x","version_value":"3.0.0"}]}}]},"vendor_name":"McAfee,LLC"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Abuse of Authorization vulnerability in APIs exposed by TIE server in McAfee Threat Intelligence Exchange Server (TIE Server) 3.0.0 allows remote authenticated users to modify stored reputation data via specially crafted messages."}]},"generator":{"engine":"Vulnogram 0.0.9"},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":4.5,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-285 Improper Authorization"}]}]},"references":{"reference_data":[{"name":"https://kc.mcafee.com/corporate/index?page=content&id=SB10303","refsource":"CONFIRM","url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10303"}]},"source":{"discovery":"INTERNAL"}},"nvd":{"publishedDate":"2019-11-13 11:15:00","lastModifiedDate":"2023-11-07 03:10:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":4.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":0.9,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":3.5},"severity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mcafee:threat_intelligence_exchange_server:3.0.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2019","CveId":"3641","Ordinal":"141249","Title":"CVE-2019-3641","CVE":"CVE-2019-3641","Year":"2019"},"notes":[{"CveYear":"2019","CveId":"3641","Ordinal":"1","NoteData":"Abuse of Authorization vulnerability in APIs exposed by TIE server in McAfee Threat Intelligence Exchange Server (TIE Server) 3.0.0 allows remote authenticated users to modify stored reputation data via specially crafted messages.","Type":"Description","Title":null},{"CveYear":"2019","CveId":"3641","Ordinal":"2","NoteData":"2019-11-13","Type":"Other","Title":"Published"},{"CveYear":"2019","CveId":"3641","Ordinal":"3","NoteData":"2019-11-13","Type":"Other","Title":"Modified"}]}}}