| Reference Number |
Related Article |
Found Version |
Resolved Version |
Issue Description |
| TIESERVER-6724 TIESERVER-6723 TIESERVER-6722 | SB10287 | 2.3.1 | 2.3.1 Hotfix 2 | Issue: Linux kernel TCP Sad SACK vulnerability (CVE-2019-11477, CVE-2019-11478, CVE-2019-11479). For more information, see the related article. |
| TIESERVER-6766 TIESERVER-6767 TIESERVER-6768 TIESERVER-6769 |
SB10292 | 2.3.1 | 2.3.1 Hotfix 2 |
Issue: Intel "
For more information, see the related article.
|
| 1246409 TIESERVER-7247 |
SB10253 | 2.2.0 | 2.2.0 Hotfix 1 2.3.1 Hotfix 2 |
Issue: A unique SSH host key isn't created for each instance of the TIE Server; that is, SSH host key generation vulnerability (CVE-2018-6695). For more information, see the related article. |
| 1242257 | SB10253 | 2.2.0 | 2.2.0 Hotfix 1 2.3.1 Hotfix 2 |
Issue: DHCP client vulnerability (CVE-2018-5732). For more information, see the related article. |
| 1237680 | SB10238 | 2.2.0 | 2.2.0 Hotfix 1 | Issue: Network Time Protocol (NTP) service vulnerability (CVE-2018-7170, CVE-2018-7182, CVE-2018-7183, CVE-2018-7184, CVE-2018-7185, CVE-2018-5732, and CVE-2018-5733). For more information, see the related article. |
| 1231412 | SB10238 | 2.2.0 | 2.2.0 Hotfix 1 | Issue: UDP Source Port Pass Firewall vulnerability. For more information, see the related article. |
| 1250106 1251698 |
SB10249 | 2.2.0 | 2.2.0 Hotfix 1 | Issue: Linux kernel vulnerability "SegmentSmack" (CVE-2018-5390) and the L1 Terminal Fault: OS/SMM vulnerability (CVE-2018-3620). For more information, see the related article. |
| 1258321 1264004 |
SB10272 SB10258 |
2.3.0 2.2.0 |
2.3.1 Hotfix 1 2.2.0 Hotfix 1 |
Issue: CVE-2019-3598 and CVE-2018-6703, regarding vulnerabilities with McAfee Agent (MA). For more information, see the related article. |
| 1270184 | SB10279 | 2.0.1 2.2.0 |
2.3.1 Hotfix 1 2.2.0 Hotfix 1 |
Issue: CVE-2019-3612, regarding an information disclosure vulnerability. For more information, see the related article. |
| 1270670 | - | 2.3.0 2.2.0 |
2.3.1 Hotfix 1 2.2.0 Hotfix 1 |
Issue: CVE-2019-1559, regarding vulnerability with OpenSSL 1.0.2–1.0.2q. Resolution: The OpenSSL library is updated to 1.0.2r. |
| 1265946 | - | 2.3.0 | 2.3.1 | Issue: (CVE-2018-5391) The Linux kernel 3.9 and later are vulnerable to a denial-of-service attack. The issue is related to low rates of specially modified packets targeting IP fragment reassembly. An attacker can cause a denial-of-service condition by sending specially crafted IP fragments. Many vulnerabilities in IP fragmentation have been discovered and fixed over the years. The vulnerability became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size. Resolution: Linux kernel parameters are updated to mitigate a remote DoS attack known as FragmentSmack. |
| 1252977 1255210 |
- | 2.3.0 | 2.3.1 | Issue: (CVE-2018-15473 and CVE-2018-15919) OpenSSH through 7.7 is prone to a user enumeration vulnerability. Cause: OpenSSH doesn't delay bailout for an invalid authenticating user until after the packet containing the request is fully parsed. Related to Resolution: OpenSSH updated to 7.4p1-17 solves user enumeration or oracle attacks and includes a configuration change to disable GSSAPI Authentication. |
| 1262366 1266187 |
- | 2.3.0 | 2.3.1 | Issue: (CVE-2018-5407, CVE-2018-0734, and CVE-2018-0732) A vulnerability is disclosed for OpenSSL that allows using Cache-like Attacks to perform a downgrade attack against any TLS connection to a vulnerable server. It uses a Resolution: NOTE: This issue was previously resolved with TIE Server 2.3.0 Hotfix 1, which is no longer available. |
| 1262122 | KB91145 | 2.3.0 | 2.3.1 | Issue: TIE Server 2.3.0 introduces a new version of log rotation that silently fails to parse the log rotation configuration files. As a result, the Resolution: NOTE: This issue was previously resolved with TIE Server 2.3.0 Hotfix 1, which is no longer available. |
Threat Intelligence Exchange Server 2.x Known Issues
Technical Articles ID:
KB85172
Last Modified: 2023-09-07 09:01:58 Etc/GMT
Last Modified: 2023-09-07 09:01:58 Etc/GMT
Environment
Threat Intelligence Exchange (TIE) Server 2.x
Summary
Recent updates to this article
Product release information
Back to top
| Date | Update |
| September 7, 2023 | Added End of Life (EOL) date for TIE Server 2.3.1. |
To receive email notification when this article is updated, click Subscribe on the right side of the page. You must be logged on to subscribe.
Product release information
| Version | Release Date | Release Notes | EOL Date |
| TIE Server 2.3.1 Hotfix 2 (GA) | September 10, 2019 | Release Notes | December 31, 2022 |
| TIE Server 2.3.1 Hotfix 1 (GA) | April 9, 2019 | Release Notes | |
| TIE Server 2.3.1 (GA) | February 12, 2019 | Release Notes | |
| TIE Server 2.3.0 Hotfix 1 (RTS)1 | December 20, 2018 | RTS | December 31, 2022 |
| TIE Server 2.3.0 (GA) | September 25, 2018 | Release Notes | |
| TIE Server 2.2.0 Hotfix 1 (GA) | April 23, 2019 | Release Notes | December 31, 2022 |
| TIE Server 2.2.0 (GA) | May 8, 2018 | Release Notes | |
| TIE Server 2.1.1 Hotfix 3 (GA) | March 14, 2018 | EOL | December 17, 2019 |
| TIE Server 2.1.1 Hotfix 2 (GA) | March 1, 2018 | ||
| TIE Server 2.1.1 Hotfix 1 (GA) | December 12, 2017 | ||
| TIE Server 2.1.1 (GA) | December 4, 2017 | ||
| TIE Server 2.1.0 Hotfix 3 (GA) | September 28, 2017 | EOL | December 17, 2019 |
| TIE Server 2.1.0 Hotfix 2 (GA) | September 6, 2017 | ||
| TIE Server 2.1.0 Hotfix 1 (GA) | August 23, 2017 | ||
| TIE Server 2.1.0 (GA) | June 27, 2017 | ||
| TIE Server 2.0.1 (GA) | January 25, 2017 | EOL | December 17, 2019 |
| TIE Server 2.0.0 (GA) | October 3, 2016 | EOL | December 17, 2019 |
| 1 | We investigated this issue and a solution is currently available. This solution is currently not generally available, but is in Released to Support (RTS) status. To obtain the RTS build, log on to the ServicePortal and create a Service Request. Include this article number in the Problem Description field.
See KB51560 - On-premises product release cycle for more information. |
Issue resolutions in updates and major releases are cumulative; Technical Support recommends that you install the latest version. To find the most recent release for your product, go to the Product Downloads site.
Contents
Click to expand the section you want to view:
| Reference Number |
Related Article |
Found Version |
Resolved Version |
Issue Description |
| TIESERVER-8179 | 2.3.1 | 3.0.0 | Issue: The TIE Server help extension name includes a double underscore instead of a single one. This issue is seen when you upgrade to the 2.3.1 help extension version from earlier versions, or from the 2.3.1 help extension version to a newer version. The installation doesn't perform an upgrade, but installs the new version with the old one. Resolution: Manually uninstall the duplicate older TIE Server help extension version when no longer needed. |
|
| 1262895 | - | 2.2.0 | 2.3.1 | Issue: The TIE Server Topology Management page reports a Database and Storage health check error. This issue is seen when the query that checks the size of the biggest table is executed while the table is vacuumed. Resolution: NOTE: This issue was previously resolved with TIE Server 2.3.0 Hotfix 1, which is no longer available. |
| 1259727 | KB91106 | - | 2.3.1 |
Issue: Deletion of the MAR custom collector fails with the error below:
"
The above error is seen when the MAR server is active in a TIE Server secondary or reporting secondary appliance. Resolution: NOTE: This issue was previously resolved withTIE Server 2.3.0 Hotfix 1, which is no longer available. |
| 1236478 | - | 2.2.0 | 2.3.0 |
Issue: The error below is displayed when you use the ePolicy Orchestrator (ePO) System Tree to view which certificate is being used:
Errors similar to the following are recorded in the
ClassCastException: com.mcafee.tie.server. ext.data.datasource.TieFirstRefDataSourceImpl Cannot be cast to com.mcafee.tie.server.ext. data.datasource. TieReputationSubjectDataSource Workaround: View the data on the TIE Reputations page.
|
| 1190547 | - | 2.1.0 | 2.3.0 | Issue: The TIE Server Infrastructure dashboard displays an empty entry in the DXL Broker monitor when the DXL appliance is used. Workaround: A new dashboard can include a duplicated and updated query, which doesn't include blank entries. |
| 1243473 | - | 2.2.0 | 2.3.0 | Issue: [Extension] The Save option is unexpectedly enabled on the Sandboxing tab, even when the fields are empty. When clicked, no change is made and no error is thrown. The screen becomes unresponsive with a loading sprite. |
| 1232956 | - | 2.2.0 | 2.3.0 | Issue: [Extension] Incorrect number of listed files when redirected from the TIE Server File dashboard. |
| 1240132 | - | 2.2.0 | 2.3.0 |
Issue: [Extension] The following error is shown when running a show Details action in ePO Threat Events, with an Event ID 1027 Malware Detected:
|
| 1240824 | - | 2.2.0 | 2.3.0 | Issue: [Extension] Users with read-only permissions can't see the Server Settings on the topology page. |
| 1233311 | - | 2.2.0 | 2.3.0 | Issue: [Extension] The 'Latest Applied Rule' value in an exported TIE Reputation Table report isn't the value that's displayed in the TIE Reputation section. |
| 1242100 | - | 2.2.0 | 2.3.0 | Issue: [Server] Installation fails when using a TIE Server ISO file onto either Xen 6.5 or Xen 7.2. Although the installer runs, the console is blank after a system restart. |
| 1240281 | - | 2.2.0 | 2.3.0 | Issue: [Database] Remote writing isn't disabled during a Primary TIE Server upgrade. |
| 1216979 | - | 2.1.0 | 2.2.0 | Issue: On the File Details, Additional information tab, the property "File Type Matches Extension" value is reversed. |
| 1221868 | - | 2.1.1 | 2.1.1 Hotfix 3 |
Issue: High CPU occurs on the TIE Server appliance in environments with multiple endpoints that have a significant number of unique files. Workaround: Update to TIE 2.1.1 Hotfix 3. |
| 1192947 | - | 2.1.0 | 2.1.1 | Issue: Errors occur when the Workaround: No workaround is needed. These errors don't affect the certificate reconfiguration function, only the logging. |
| 1213536 | - | 2.1.0 | 2.1.1 |
Issue: When a submission to Cloud Threat Detection (CTD) fails because of a connection timeout, temporary files related to this submission are never deleted from the appliance in the
Workaround: To remove the discarded files from the disk, use the following command: |
| 1193094 | - | 2.0.x | 2.1.1 | Issue: Promoting a TIE Server from one operation mode to a new mode fails. Cause: The PostgreSQL (DB engine) is abnormally closed before the Promotion process completes. |
| 1212584 | - | 2.1.0 | 2.1.0 Hotfix 3 |
Issue: Files that don't match the sandboxing submission criteria aren't always removed from the TIE Server appliance.
Workaround: To remove the discarded files from the disk, use the following command: |
| 1209091 | - | 2.1.0 Hotfix 1 | 2.1.0 Hotfix 2 |
Issue: An upgrade to TIE 2.1.0 Hotfix 1 fails for Reputation Cache servers. Workaround: After you upgrade the rest of the servers, deploy a new TIE Server with 2.1.0 Hotfix 1, and assign the Reputation Cache operation mode to it. Remove the old TIE Server that has the 2.1.0 Reputation Cache. |
| 1193463 | - | 2.1.0 | 2.1.0 Hotfix 2 |
Issue: After an upgrade to TIE 2.1.0, the CTD policy is enabled by default in a non-default TIE policy. Workaround: Manually disable the CTD integration on the custom policy definitions, if any. |
| 1161086 | - | 1.3.0, 2.0.0 |
2.1.0 | Issue: Drilling down to the information in TIE Reputation times out when a hash has a large number, such as thousands, of different file names. Cause: The size of the DXL message with the hash information is larger than the default upper limit. There can also be another scenario of the same hash being renamed and re-executed under different paths. |
| - | 1.3.0, 2.0.0 |
2.1.0 |
Issue: Incorrect ownership in an NTP folder doesn't allow the drifting mechanism to work. Failure generates an error in the
Cause: The folder for the NTP drift file has an incorrectly configured owner. Workaround: Change the owner of the folder by executing the following command: |
|
| 1167449 | 2.0.0 | 2.0.1 |
Issue: Duplicate entries exist in a multiple ePO-shared topology after reusing a host name.
Cause: Policy exchange between the ePO server causes confusing information to merge when host names are reused. Workaround: Force policy repopulation from scratch by restarting the ePO services:
|
|
| 1162363 | KB88031 | 2.0.0 | 2.0.1 | Issue: Initial MA configuration fails if ePO certificates aren't valid. Cause: MA provisioning steps try to retrieve and validate ePO certificates, resulting in Failed to get ePO FIPS mode errors. |
| - | - | 2.0.0 | 2.0.1 |
Issue: Reputation response latency is impacted under a load when running the DXL broker inside the TIE appliance.
Cause: The loopback interface isn't optimized for low latency messaging by default. Workaround: Change the current MTU for loopback using the command below: Append MTU=1500 to the end of |
| 1155785 | 2.0.0 | 2.0.1 |
Issue: An error is recorded in the PostgreSQL logs when starting the TIE Server service. The error line is similar to the following:
The PostgreSQL logs are located in
Cause: This issue occurs with the latest version of PostgreSQL used in the TIE Server, which includes some initialization checks. As part of database security hardening, the Workaround: No workaround is needed. This error doesn't impact TIE Server operation and can be safely ignored. |
|
| 1160445 | 2.0.0 | 2.0.1 |
Issue: After you upgrade from TIE Server 1.2.1, the following symptoms are observed in the ePO System Tree:
Cause: After the upgrade from TIE Server 1.2.1 completes, the TIE Server is unable to start because PostgreSQL doesn't start. PostgreSQL doesn't start owing to missing certificates, because the Certificate Handshake isn't running. Because the TIE Server isn't actually running, the DXL client is also not running; therefore, the connectivity check and lookup fail.
Workaround: After the upgrade is complete in the TIE Server appliance, run the |
|
| - | - | 2.3.0 | n/a | Issue: Unattended deployment doesn't allow multiple DNS servers. Only one preferred DNS server can be configured in the Server Deployment extension. Workaround: Deploy using a single DNS server, and after deployment, add alternative DNS servers through the reconfig-network script. |
| 1205248 | - | 2.1.0 | n./a | Issue: An error displays when you select some custom filters and the "Enterprise Reputation" column. Neither of the "Composite Reputation" columns display. Resolution: Add the Composite Reputation column. |
| - | - | 1.3.0 | n/a |
Issue: When you try to register a TIE Server database with a host name or fully qualified domain name, the following error message displays while you perform a test connection:
DatabaseConnectivityException: Failed to get a connection: The connection attempt failed.. Navigate to https://8443/core/config and verify database connection settings Workaround: Use the TIE Server IP address instead of the host name or fully qualified domain name.
In TIE 1.3.0, it isn't possible to use the host name or fully qualified domain name when you register a TIE Server database. The change is implemented in authenticated database connections with certificates signed by ePO. |
| - | KB90844 | 2.3.0 | n/a | Issue: The TIE Server Deployment Extension page doesn't allow accented or double-byte characters in some fields. Resolution: See the related article for details. |
| - | KB86144 | 1.3.0 | n/a |
Issue: When you try to upgrade TIE while having a significant load on the TIE Server primary or writer instance, the upgrade process fails. The installation log file located in
Workaround: To avoid issues with resource locking, stop related TIE Server service instances and only start the database engine in the affected TIE Server primary or writer. After completing the TIE Server primary upgrade, restart the TIE Server secondary instances and then complete their upgrade.
See the related article for details. |
| 1122996 | - | 1.3.0 | n/a | Issue: After sorting is enabled on the TIE File Reputations tab, you can't remove the filters by disabling the sorting. |
| 1108473 | - | 1.2.1 | n/a | Issue: The TIE Reputation page shows missing File Name Reputation metadata. Resolution: File name and other attributes are sent after execution and might be missing if still not prevalent. Force attribute metadata submission by manually executing the file on an endpoint. |
| 1054218 | 1.1.0 | n/a |
Issue: Report and dashboard titles aren't localized after you upgrade the TIE Server extensions to version 1.1 or later.
Workaround: Install a clean copy of TIE 1.1 or later extensions. This issue doesn't occur with a clean installation:
|
|
| 1046267 | - | 1.1.0 | n/a |
Issue: Performing consecutive TIE Server upgrades, without rebooting the appliance or restarting the MA service fails with the following error and the MA service crashes.
Example: You don't reboot the appliance or restart the MA service after upgrading the TIE Server from version 1.0.0 to 1.0.1. In this scenario, the upgrade from version 1.0.1 to 1.1.0 fails. We're in pre-upgrade Stop the service Stopping McAfee TIE Server: .Error: %pre(tieserver-1.1.0-248.mlos2.x86_64) scriptlet failed, signal 15 Error: install: %pre scriplet failed (2), skipping tieserver-1.1.0-248.mlos2 "/var/log/tieserver-1.1.0-248.log" 21L, 1059C Workaround: To prevent the issue, after upgrading the TIE Server to version 1.0.1, reboot the appliance or restart the MA service before upgrading to TIE Server 1.1.0.
|
| 992120 | - | 1.1.0 | n/a | Issue: A Global Reviewer user can't see the TIE Server queries; the TIE Server Reputations page is blank. Resolution: Create a user and assign the TIE Reputation view as part of its permission sets. |
| 1035058 | - | 1.0.1 | n/a |
Issue: An incorrect deployment status is displayed when upgrading the TIE Server by deploying the TIE Platform, TIE Server, or DXL Broker from the Product Deployment page. You might see either of the following incorrect statuses:
Workaround: Create the deployment task from the Create Client Task page instead of the Product Deployment page.
|
| 1086567, 1085351 | - | 1.0.0 | n/a | Issue: A slow replication period between Primary and Secondary might cause conflicts when handling the same file hash concurrently in different TIE Server instances. Resolution: Wait until the replication succeeds and retry. |
| 1086039 | 1.0.0 | n/a | Issue: The Certificate Search Tab table isn't refreshed after an enterprise reputation is changed when running a Primary/Secondary configuration with delayed replication. Workaround: Refresh the information by refreshing the page or querying the certificates. |
|
| 1022264 | 1.0.0 | n/a |
Issue: The TIE Reputations page in ePO occasionally shows the following message when searching for Files or Certificates:
Explanation: This error message likely occurs after the TIE Server is restarted, or if the appliance is rebooted. But both these actions should be performed before the DXL Broker TTL expires. If you restart the TIE Server multiple times in quick succession, you can expect this error once for each server restart. For example, if you restart the TIE Server three times in the span of an hour, expect this error message to occur three times, with the fourth search attempt succeeding. If the Broker TTL expires before a search is performed, this error doesn't occur. |
|
| 989348 | 1.0.0 | n/a |
Issue: A user without a permission set assigned can't configure MA in the TIE Server.
Workaround: A user with any permission set can configure MA in the TIE Server.
|
Back to top
Affected Products
Languages:
This article is available in the following languages:
