| Reference Number |
Related Article |
Found Version |
Resolved Version |
Issue Description |
| TIESERVER-6724 TIESERVER-6723 TIESERVER-6722 | SB10287 | 2.3.1 | 2.3.1 Hotfix 2 | Issue: Linux kernel TCP Sad SACK vulnerability (CVE-2019-11477, CVE-2019-11478, CVE-2019-11479). For more information, see the article in the Related Article column. |
| TIESERVER-6766 TIESERVER-6767 TIESERVER-6768 TIESERVER-6769 |
SB10292 | 2.3.1 | 2.3.1 Hotfix 2 | Issue: Intel "
|
| 1246409 TIESERVER-7247 |
SB10253 | 2.2.0 | 2.2.0 Hotfix 1 2.3.1 Hotfix 2 |
Issue: A unique SSH host key isn’t being created for each instance of TIE Server. SSH host keys generation vulnerability (CVE-2018-6695). For more information, see the article mentioned in the Related Article column. |
| 1242257 | SB10253 | 2.2.0 | 2.2.0 Hotfix 1 2.3.1 Hotfix 2 |
Issue: DHCP client vulnerability (CVE-2018-5732). For more information, see the article mentioned in the Related Article column. |
| 1237680 | SB10238 | 2.2.0 | 2.2.0 Hotfix 1 | Issue: Network Time Protocol (NTP) service vulnerability (CVE-2018-7170, CVE-2018-7182, CVE-2018-7183, CVE-2018-7184, CVE-2018-7185, CVE-2018-5732, and CVE-2018-5733. For more information, see the article mentioned in the Related Article column. |
| 1231412 | SB10238 | 2.2.0 | 2.2.0 Hotfix 1 | Issue: UDP Source Port Pass Firewall vulnerability. For more information, see the article mentioned in the Related Article column. |
| 1250106 1251698 |
SB10249 | 2.2.0 | 2.2.0 Hotfix 1 | Issue: Linux kernel vulnerability “SegmentSmack” (CVE-2018-5390) and the L1 Terminal Fault: OS/SMM vulnerability (CVE-2018-3620). For more information, see the article mentioned in the Related Article column. |
| 1258321 1264004 |
SB10272 SB10258 |
2.3.0 2.2.0 |
2.3.1 Hotfix 1 2.2.0 Hotfix 1 |
Issue: CVE-2019-3598 and CVE-2018-6703 regarding vulnerabilities with McAfee Agent. For more information, see the article mentioned in the Related Article column. |
| 1270184 | SB10279 | 2.0.1 2.2.0 |
2.3.1 Hotfix 1 2.2.0 Hotfix 1 |
Issue: CVE-2019-3612 regarding an information disclosure vulnerability. For more information, see the article mentioned in the Related Article column. |
| 1270670 | - | 2.3.0 2.2.0 |
2.3.1 Hotfix 1 2.2.0 Hotfix 1 |
Issue: CVE-2019-1559 regarding vulnerability with OpenSSL 1.0.2-1.0.2q. Resolution: The OpenSSL library is updated to 1.0.2r. |
| 1265946 | - | 2.3.0 | 2.3.1 | Issue: (CVE-2018-5391). The Linux kernel 3.9 and later, is vulnerable to a denial-of-service attack. Related to low rates of specially modified packets targeting IP fragment reassembly. An attacker can cause a denial-of-service condition by sending specially crafted IP fragments. Many vulnerabilities in IP fragmentation have been discovered and fixed over the years. The vulnerability became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size. Resolution: Linux kernel parameters are updated to mitigate a remote DoS attack known as FragmentSmack. |
| 1252977 1255210 |
- | 2.3.0 | 2.3.1 | Issue: (CVE-2018-15473 and CVE-2018-15919) OpenSSH through 7.7 is prone to a user enumeration vulnerability. Cause: OpenSSH doesn’t delay bailout for an invalid authenticating user until after the packet containing the request has been fully parsed. Related to Resolution: OpenSSH updated to 7.4p1-17 solves user enumeration/oracle attacks and includes a configuration change to disable GSSAPI Authentication. |
| 1262366 1266187 |
- | 2.3.0 | 2.3.1 | Issue: (CVE-2018-5407, CVE-2018-0734, and CVE-2018-0732) A vulnerability has been disclosed for OpenSSL that allows using Cache-like Attacks (CATs) to perform a downgrade attack against any TLS connection to a vulnerable server. It uses a Resolution: NOTE: Previously resolved with TIE Server 2.3.0 Hotfix 1, which is no longer available. |
| 1262122 | KB91145 | 2.3.0 | 2.3.1 | Issue: TIE Server 2.3.0 introduced a new version of log rotation that silently fails to parse the log rotation configuration files. As a result, the tieserver-start.log can exhaust the root partition storage space. Resolution: NOTE: Previously resolved with withTIE Server 2.3.0 Hotfix 1, which is no longer available.t. |
Threat Intelligence Exchange Server 2.x Known Issues
Artículos técnicos ID:
KB85172
Última modificación: 8/4/2021
Última modificación: 8/4/2021
Entorno
McAfee Threat Intelligence Exchange (TIE) Server 2.x
Resumen
Recent updates to this article
Product release information
Back to top
| Date | Update |
| August 4, 2021 | Added End of Life date for TIE Server version 2.1.x and 2.0.x. Updated naming to Primary and Secondary. |
To receive email notification when this article is updated, click Subscribe on the right side of the page. You must be logged on to subscribe.
Product release information
| Version | Release date | Release Notes |
End of Life Date |
| TIE Server 2.3.1 Hotfix 2 (GA) | September 10, 2019 | Release Notes | - |
| TIE Server 2.3.1 Hotfix 1 (GA) | April 9, 2019 | Release Notes | |
| TIE Server 2.3.1 (GA) | February 12, 2019 | Release Notes | |
| TIE Server 2.3.0 Hotfix 1 (RTS)1 | December 20, 2018 | RTS | |
| TIE Server 2.3.0 (GA) | September 25, 2018 | Release Notes | |
| TIE Server 2.2.0 Hotfix 1 (GA) | April 23, 2019 | Release Notes | - |
| TIE Server 2.2.0 (GA) | May 8, 2018 | Release Notes | |
| TIE Server 2.1.1 Hotfix 3 (GA) | March 14, 2018 | EOL | December 17, 2019 |
| TIE Server 2.1.1 Hotfix 2 (GA) | March 1, 2018 | ||
| TIE Server 2.1.1 Hotfix 1 (GA) | December 12, 2017 | ||
| TIE Server 2.1.1 (GA) | December 4, 2017 | ||
| TIE Server 2.1.0 Hotfix 3 (GA) | September 28, 2017 | EOL | December 17, 2019 |
| TIE Server 2.1.0 Hotfix 2 (GA) | September 6, 2017 | ||
| TIE Server 2.1.0 Hotfix 1 (GA) | August 23, 2017 | ||
| TIE Server 2.1.0 (GA) | June 27, 2017 | ||
| TIE Server 2.0.1 (GA) | January 25, 2017 | EOL | December 17, 2019 |
| TIE Server 2.0.0 (GA) | October 3, 2016 | EOL | December 17, 2019 |
| 1 | McAfee Enterprise investigated this issue and a solution is currently available. This solution is currently not generally available, but is in Released to Support (RTS) status. To obtain the RTS build, log on to the ServicePortal and create a Service Request. Include this article number in the Problem Description field.
See KB51560 - McAfee Enterprise on-premises product release cycle for more information. |
Issue resolutions in updates and major releases are cumulative; Technical Support recommends that you install the latest version. To find the most recent release for your product, go to the Product Downloads site.
Contents
Click to expand the section you want to view:| Reference Number |
Related Article |
Found Version |
Resolved Version |
Issue Description |
| TIESERVER-8179 | 2.3.1 | 3.0.0 | Issue: The TIE Server help extension name includes a double underscore instead of a single one. Seen when you upgrade to 2.3.1 help extension version from earlier versions, or from 2.3.1 help extension version to a newer version. The installation doesn’t perform an upgrade, but installs the new version with the old one. Resolution: Manually uninstall the duplicate older TIE Server help extension version when no longer needed. |
|
| 1262895 | - | 2.2.0 | 2.3.1 | Issue: The TIE Server Topology Management page reports a Database and Storage health check error. Seen when the query that checks the size of the biggest table is executed while the table is vacuumed. Resolution: NOTE: Previously resolved with TIE Server 2.3.0 Hotfix 1, which is no longer available. |
| 1259727 | KB91106 | - | 2.3.1 | Issue: Deletion of MAR custom collector fails with the error:
"
The above is seen when the MAR server is active in a TIE Server secondary or reporting secondary appliance. Resolution: NOTE: Previously resolved withTIE Server 2.3.0 Hotfix 1, which is no longer available. |
| 1236478 | - | 2.2.0 | 2.3.0 | Issue: The error below is displayed when you use the ePO System Tree to view which certificate is being used: ClassCastException: com.mcafee.tie.server. ext.data.datasource.TieFirstRefDataSourceImpl Cannot be cast to com.mcafee.tie.server.ext. data.datasource. TieReputationSubjectDataSource Workaround: View the data on the TIE Reputations page:
|
| 1190547 | - | 2.1.0 | 2.3.0 | Issue: The TIE Server Infrastructure dashboard displays an empty entry in the DXL Broker monitor when the DXL appliance is used. Workaround: A new dashboard can include a duplicated and updated query, which doesn’t include blank entries. |
| 1243473 | - | 2.2.0 | 2.3.0 | Issue: [Extension] Save option is unexpectedly enabled on the Sandboxing tab, even when the fields are empty. When clicked, no change is made and no error is thrown. The screen becomes unresponsive with a loading sprite. |
| 1232956 | - | 2.2.0 | 2.3.0 | Issue: [Extension] Incorrect number of listed files when redirected from the TIE Server Files dashboard. |
| 1240132 | - | 2.2.0 | 2.3.0 | Issue: [Extension] The following error is shown when running a show Details action in ePO Threat Events, with an Event ID 1027 Malware Detected:
|
| 1240824 | - | 2.2.0 | 2.3.0 | Issue: [Extension] Users with read-only permissions can't see Server Settings on the topology page. |
| 1233311 | - | 2.2.0 | 2.3.0 | Issue: [Extension] The 'Latest Applied Rule' value in an exported TIE Reputation Table report isn’t the value that is displayed in TIE Reputation section. |
| 1242100 | - | 2.2.0 | 2.3.0 | Issue: [Server] Installation fails when using a TIE Server ISO file onto either Xen 6.5 or Xen 7.2. Although the installer runs, the console is blank after a system restart. |
| 1240281 | - | 2.2.0 | 2.3.0 | Issue: [Database] Remote writing isn’t disabled during a Primary TIE Server upgrade. |
| 1216979 | - | 2.1.0 | 2.2.0 | Issue: On the File Details, Additional information tab, the property “File Type Matches Extension” value is reversed. |
| 1221868 | - | 2.1.1 | 2.1.1 Hotfix 3 |
Issue: High CPU occurs on the TIE Server appliance in environments with multiple endpoints that have a significant number of unique files. Workaround: Update to TIE 2.1.1 Hotfix 3. |
| 1192947 | - | 2.1.0 | 2.1.1 | Issue: Errors occur when the reconfig-cert script runs. Workaround: No workaround is needed. These errors don’t affect the certificate reconfiguration function, only the logging. |
| 1213536 | - | 2.1.0 | 2.1.1 | Issue: When a submission to McAfee Cloud Threat Detection (CTD) fails because of a connection timeout, temporary files related to this submission are never deleted from the appliance in the Workaround: To remove the discarded files from disk, use the following command: |
| 1193094 | - | 2.0.x | 2.1.1 | Issue: Promoting a TIE Server from one operation mode to a new mode fails. Cause: The PostgreSQL (DB engine) is abnormally closed before the Promotion process completes. |
| 1212584 | - | 2.1.0 | 2.1.0 Hotfix 3 |
Issue: Files that don’t match the sandboxing submission criteria aren’t always removed from the TIE Server appliance. Workaround: To remove the discarded files from disk, use the following command: |
| 1209091 | - | 2.1.0 Hotfix 1 | 2.1.0 Hotfix 2 |
Issue: An upgrade to TIE 2.1.0 Hotfix 1 fails for Reputation Cache servers. Workaround: After you upgrade the rest of the servers, deploy a new TIE Server with 2.1.0 Hotfix 1, and assign the Reputation Cache operation mode to it. Remove the old TIE Server that has the 2.1.0 Reputation Cache. |
| 1193463 | - | 2.1.0 | 2.1.0 Hotfix 2 |
Issue: After an upgrade to TIE 2.1.0, the Cloud Threat Detection (CTD) policy is enabled by default in a non-default TIE policy. Workaround: Manually disable the CTD integration on the custom policy definitions, if any. |
| 1161086 | - | 1.3.0, 2.0.0 |
2.1.0 | Issue: Drilling down to the information in TIE Reputation times out when a hash has a large number, such as thousands, of different file names. Cause: The size of the DXL message with the hash information is larger than the default upper limit. There could also be another scenario of the same hash being renamed and re-executed under different paths. |
| - | 1.3.0, 2.0.0 |
2.1.0 | Issue: Incorrect ownership in an NTP folder doesn’t allow the drifting mechanism to work. Failure generates an error in the daemon.log file. Cause: The folder for the NTP drift file has an incorrectly configured owner. Workaround: Change the owner of the folder by executing the following command: |
|
| 1167449 | 2.0.0 | 2.0.1 | Issue: Duplicate entries exist in a multiple ePolicy Orchestrator (ePO) shared topology after reusing a host name. Cause: Policy exchange between the ePO server causes confusing information to merge when host names are reused. Workaround: Force policy repopulation from scratch by restarting the ePO services:
|
|
| 1162363 | KB88031 | 2.0.0 | 2.0.1 | Issue: Initial McAfee Agent (MA) configuration fails if ePO certificates aren’t valid. Cause: MA provisioning steps try to retrieve and validate ePO certificates, resulting in Failed to get ePO FIPS mode errors. |
| - | - | 2.0.0 | 2.0.1 | Issue: Reputation response latency is impacted under load when running the DXL broker inside the TIE appliance. Cause: The loopback interface isn’t optimized for low latency messaging by default. Workaround: Change the current MTU for loopback using the command: Append MTU=1500 to the end of |
| 1155785 | 2.0.0 | 2.0.1 | Issue: An error is recorded in the PostgreSQL logs when starting the TIE Server service. The error line is similar to the following:
Cause: This issue occurs with the latest version of PostgreSQL used in the TIE Server, which includes some initialization checks. As part of database security hardening, the Workaround: No workaround is needed. This error doesn’t impact TIE Server operation and can be safely ignored. |
|
| 1160445 | 2.0.0 | 2.0.1 | Issue: After you upgrade from TIE Server 1.2.1, the following symptoms are observed in the ePO System Tree:
Workaround: After the upgrade is complete in the TIE Server appliance, run the |
|
| - | - | 2.3.0 | n/a | Issue: Unattended deployment doesn’t allow multiple DNS servers. Only one preferred DNS server can be configured in the Server Deployment extension. Workaround: Deploy using a single DNS server and after deployment, add alternative DNS servers through the reconfig-network script. |
| 1205248 | - | 2.1.0 | n./a | Issue: An error displays when you select some custom filters and the "Enterprise Reputation" column. Neither of the "Composite Reputation" columns display. Resolution: Add the Composite Reputation column. |
| - | - | 1.3.0 | n/a | Issue: When you try to register a TIE Server database with a host name or fully qualified domain name, the following error message displays while you perform a test connection:
DatabaseConnectivityException: Failed to get a connection: The connection attempt failed.. Navigate to https://8443/core/config and verify database connection settings In TIE 1.3.0, it isn’t possible to use the host name or fully qualified domain name when you register a TIE Server database. The change was implemented in authenticated database connections with certificates signed by ePO. |
| - | KB90844 | 2.3.0 | n/a | Issue: The TIE Server Deployment Extension page doesn’t allow accented or double-byte characters in some fields. Resolution: See the related article for details. |
| - | KB86144 | 1.3.0 | n/a | Issue: When you try to upgrade TIE while having significant load on the TIE Server primary, or writer, instance, the upgrade process fails. The installation log file located in See the related article for details. |
| 1122996 | - | 1.3.0 | n/a | Issue: After sorting is enabled on the TIE File Reputations tab, you can't remove the filters by disabling the sorting. |
| 1108473 | - | 1.2.1 | n/a | Issue: The TIE Reputation page shows missing File Name Reputation metadata. Resolution: File name and other attributes are sent after execution and might be missing if still not prevalent. Force attribute metadata submission by manually executing the file on an endpoint. |
| 1054218 | 1.1.0 | n/a | Issue: Report and dashboard titles aren’t localized after you upgrade the TIE Server extensions to version 1.1 or later. Workaround: Install a clean copy of TIE 1.1 or later extensions. This issue doesn’t occur with a clean installation:
|
|
| 1046267 | - | 1.1.0 | n/a | Issue: Performing consecutive TIE Server upgrades, without rebooting the appliance or restarting the MA service, fails with the following error and the MA service crashes. Example. You don’t reboot the appliance, or restart the MA service after upgrading the TIE Server from version 1.0.0 to 1.0.1. In this scenario, the upgrade from version 1.0.1 to 1.1.0 fails. We're in pre-upgrade Stop the service Stopping McAfee TIE Server: .Error: %pre(tieserver-1.1.0-248.mlos2.x86_64) scriptlet failed, signal 15 Error: install: %pre scriplet failed (2), skipping tieserver-1.1.0-248.mlos2 "/var/log/tieserver-1.1.0-248.log" 21L, 1059C Workaround: To prevent the issue, after upgrading the TIE Server to version 1.0.1, reboot the appliance or restart the MA service before upgrading to TIE Server 1.1.0.
|
| 992120 | - | 1.1.0 | n/a | Issue: A Global Reviewer user can't see the TIE Server queries; the TIE Server Reputations page is blank. Resolution: Create a user and assign the TIE Reputation view as part of its permission sets. |
| 1035058 | - | 1.0.1 | n/a |
Issue: An incorrect deployment status is displayed when upgrading the TIE Server by deploying the TIE Platform, TIE Server, or DXL Broker from the Product Deployment page. You might see either of the following incorrect statuses:
Workaround: Create the deployment task from the Create Client Task page instead of the Product Deployment page.
|
| 1086567, 1085351 | - | 1.0.0 | n/a | Issue: A slow replication period between Primary and Secondary might cause conflicts when handling the same file hash concurrently in different TIE Server instances. Resolution: Wait until the replication succeeds and retry. |
| 1086039 | 1.0.0 | n/a | Issue: The Certificate Search Tab table isn’t refreshed after an enterprise reputation is changed when running a Primary/Secondary configuration with delayed replication. Workaround: Refresh the information by refreshing the page or querying the certificates. |
|
| 1022264 | 1.0.0 | n/a | Issue: The TIE Reputations page in ePO occasionally shows the following message when searching for Files or Certificates:
Explanation: This error message likely occurs after the TIE Server is restarted, or if the appliance rebooted. But both, before the DXL Broker TTL has expired. If you restart the TIE Server multiple times in quick succession, you can expect this error once for each server restart. For example, if you restart the TIE Server three times in the span of an hour, expect this error message to occur three times, with the fourth search attempt succeeding. If the Broker TTL has expired before a search is performed, this error doesn’t occur. |
|
| 989348 | 1.0.0 | n/a |
Issue: A user without a permission set assigned can't configure MA in the TIE Server.
Workaround: A user with any permission set can configure MA in the TIE Server.
|
Back to top
Productos implicados
Idiomas:
Este artículo se encuentra disponible en los siguientes idiomas:
GermanEnglish United States
Spanish Spain
French
Italian
Japanese
Portuguese Brasileiro
Chinese Simplified
Glosario de términos técnicos
Resaltar los términos del glosario
Tómese un momento para consultar nuestro Glosario de términos técnicos.
