Loading...

Knowledge Center


McAfee SNS Notice: Updates Resolve Data Exchange Layer Vulnerabilities
SNS Emails ID:   SNS1982
Last Modified:  5/7/2019

Body

Multiple vulnerabilities in Data Exchange Layer have been discovered and resolved. 

AFFECTED SOFTWARE
  • Data Layer Exchange 5.0.1 Platform Hotfix 2 and below  
  • Data Layer Exchange Platform 4.0.0 Hotfix 8 and below
REMEDIATED/UPDATED VERSIONS

The vulnerabilities are remediated in these versions:
  • Data Exchange Layer 5.0.1 Hotfix 3  
  • Data Exchange Layer 4.0.0 Hotfix 9   
IMPACT
  • CVE-2018-6703 (CVSS: 9.8; Severity: Critical) Use After Free vulnerability in the remote logging functionality within McAfee Agent
  • CVE-2019-3612 (CVSS: 8.2; Severity: High) Disclosure of sensitive information to local users
  • CVE-2018-5391(CVSS: 7.5; Severity: High) The Linux kernel, versions 3.9+, is vulnerable to a denial-of-service attack
  • CVE-2018-15473 (CVSS: 5.3; Medium: Medium) OpenSSH through 7.7 is prone to a user enumeration vulnerability
  • CVE-2018-0737(CVSS: 5.9; Severity: Medium) The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack
  • CVE-2019-3598(CVSS: 5.3; Severity: Medium) Buffer Access with Incorrect Length Value in McAfee Agent (MA) 5.x allows remote unauthenticated users to potentially cause a partial denial-of-service via specifically crafted UDP packets.
RECOMMENDATION

McAfee recommends that all customers verify that they have applied the latest updates. Impacted users should install the relevant updates or hotfixes. For full instructions and information, see the following Knowledge Base articles: ALSO INCLUDED IN THESE RELEASES

For a full list of changes, see the Release Notes:
To receive information about McAfee product updates, sign up for the Support Notification Service at https://sns.secure.mcafee.com/signup_login.

Original Send Date

May 7, 2019

Rate this document

Languages:

This article is available in the following languages:

English United States
Japanese

Glossary of Technical Terms


 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.