Threat Intelligence Exchange Server 3.x Known Issues

Environment

Threat Intelligence Exchange (TIE) Server 3.x

Summary

Recent updates to this article

Date	Update
February 8, 2022	Added: TIE Server 3.0.3 release details. Known issue references: TIESERVER-11116 Critical section references: TIESERVER-10577, TIESERVER-11537, TIESERVER-11534 Non-critical section references: TIESERVER-11110, TIESERVER-10972, TIESERVER-9256
December 30, 2021	Added TIE Server 3.0.1 Hotfix 4 release details. Released to address the log4j vulnerability.

To receive email notification when this article is updated, click Subscribe on the right side of the page. You must be logged on to subscribe.

Product release information

Version	Release date
TIE Server 3.0.3 (GA)	February 8, 2022
TIE Server 3.0.1 Hotfix 4 (GA)	December 30, 2021
TIE Server 3.0.1 (GA)	September 8, 2019
TIE Server 3.0.0 Hotfix 1 (GA)	November 12, 2019
TIE Server 3.0.0 (GA)	October 8, 2019

Issue resolutions in updates and major releases are cumulative; Technical Support recommends that you install the latest version. To find the most recent release for your product, go to the Product Downloads site.

Contents
Click to expand the section you want to view:

Critical known issues

Reference Number	Related Article	Found Version	Resolved Version	Issue Description
TIESERVER-10577	-	3.0.0	3.0.3	Issue: Upgraded OpenSSL library version to 1.0.2y to address the vulnerability CVE-2020-1971.
TIESERVER-11537		3.0.0	3.0.3	Issue: Upgraded Sudo library version to 1.8.6p3-32 to address the vulnerability CVE-2021-3156.
TIESERVER-11534		3.0.0	3.0.3	Issue: Upgraded Network Security Services (NSS) library version to 3.44.0-12.mlos2.x86_64.rpm to address the vulnerability CVE-2021-43527.
-	KB95091	3.0.0	3.0.1 Hotfix 4	Issue: Apache Log4j CVE-2021-44228 Remote Code Execution vulnerability.

Non-critical known issues

Reference Number	Related Article	Found Version	Resolved Version	Issue Description
Resolved issues
TIESERVER-11110	-	3.0.0	3.0.3	Issue: The TIE server drops DXL messages because of an issue with TIE's queuing system.
TIESERVER-10972	-	3.0.0	3.0.3	Issue: The TIE log files aren’t optimized. The root partition is filled up with log files.
TIESERVER-9256	KB95197	3.0.1	3.0.3	Issue: When you try to upgrade to TIE Server 3.0.1.165, the upgrade fails. The error below is recordedin the tieserver-3.0.1-xxx.log file (/var/log/): package nginx-filesystem-1:1.21.0-1.mlos2.noarch (which is newer than nginx-filesystem-1:1.19.1-1.mlos2.noarch) is already installed
TIESERVER-7600	KB92246	3.0.0	3.0.1	Issue: The console (SSH and VMware) session output doesn’t display on screen after running the "reconfig-network" script. Workaround: See the related article.
TIESERVER-7439	KB92096	3.0.0	3.0.0 Hotfix 1	Issue: Secondary or Reporting Secondary server upgrade fails when replication reset is tried after the Primary server is upgraded. Resolution: This issue is resolved in TIE 3.0.0 Hotfix 1. If you’ve upgraded your server to the TIE 3.0.0 GA version and experience the issue, see the related article.
TIESERVER-7371	-	3.0.0	3.0.0 Hotfix 1	Issue: When you run an "External Reputation" query, you still see the external reputation score in the "TIE Reputations" columns. Resolution: This issue is resolved in TIE 3.0.0 Hotfix 1.
Known Issues
TIESERVER-11116	KB95263	3.0.0	-	Issue: A Threat Intelligence Exchange Server upgrade fails when a custom index is added to the database. Workaround: See the related article for details.
TIESERVER-7037	-	3.0.0	-	Issue: You see the following error after you upgrade to TIE 3.0.0: "Not Available". The status is listed as a First Agent Guid in the 'Endpoints with most new unknown files' panel. The panel is in the 'TIE Server Priority Unknown Dashboards'. Cause: This behavior is expected. You see this behavior when files have a First contact date that is before the upgrade to 3.0.0, and the Latest Metadata update date is after the upgrade. (They have a Priority value, but no First Agent value). The panel shows Files whose First execution date is within a month, so "Not Available" doesn’t appear as First Agent Guid after one month. NOTE: After you upgrade to 3.0.0, the existing files don't have a value for First Agent attribute. Resolution: There’s no solution for TIE 3.0.0. This issue stops occurring one month from the date of the TIE Server upgrade.
-	-	2.3.0	-	Issue: Unattended deployment doesn’t allow multiple DNS servers. You can configure only one preferred DNS server in the Server Deployment extension. Workaround: Deploy using a single DNS server. Then, after deployment, add alternative DNS servers through the reconfig-network script.
1205248	-	2.1.0	-	Issue: An error displays when you select some custom filters and the "Enterprise Reputation" column. Neither of the "Composite Reputation" columns display. Resolution: Add the Composite Reputation column.
-	KB90844	2.3.0	-	Issue: The TIE Server Deployment Extension page doesn’t allow accented or double-byte characters in some fields. Resolution: See the related article for details.
-	-	2.3.1	-	Issue: Some of the queries have summary totals that don’t match the 'count of items'. You see this issue when you view items listed and the same query is drilled down. Cause: The first query executed uses a different date format than the one executed when the drill-down is made.

Back to top

How to edit text in an expand/collapse section
This article contains expandable sections. Use the steps below to make your edits:

NOTE: If you aren’t confident with editing HTML source code, add your update in the Related Information section with a comment where you want the update to be implemented, and then click Approve. A Knowledge Analyst will move the content to the correct section, and delete your content from the Related Information section. If you have questions, contact DL Knowledge Management Team.

Use either Internet Explorer or Google Chrome to open the article in KBIM.
In the section that contains the expandable content, click Source. Locate the following code:

<link href="https://support.mcafee.com/ServicePortal/content/conn/spr-ucm/path/Enterprise Libraries/sp/WebContent/css/Article-UCM.CSS" rel="stylesheet" type="text/css" />
Place an “x” in front of the word “link” so that it looks like this:

<xlink href="https://support.mcafee.com/ServicePortal/content/conn/spr-ucm/path/Enterprise Libraries/sp/WebContent/css/Article-UCM.CSS" rel="stylesheet" type="text/css" />
Click Source again. The “x” you entered in step 3 stops the CSS file from loading; the content in the expandable section now displays as normal text.
Make the needed changes to the content.
When you are finished, click Source and remove the “x” you entered before the word “link”.
Click Source again. Then click Save Document, and click Approve to move the article to the next workflow step.

Knowledge Center

Threat Intelligence Exchange Server 3.x Known Issues

Environment

Summary

Affected Products

Languages:

Title

Title

Knowledge Center

Threat Intelligence Exchange Server 3.x Known Issues

Environment

Summary

Affected Products

Languages:

Choose your region

Title

Title