CVE-2018-6695

Name of the Vulnerable Software and Affected Versions McAfee Threat Intelligence Exchange Server (TIE Server) versions 1.3.0, 2.0.x, 2.1.x, 2.2.0

Description The issue allows man-in-the-middle attackers to spoof servers by acquiring keys from another environment, due to a vulnerability in SSH host keys generation in the server.

Recommendations For version 1.3.0, update to a version that includes a fix for the SSH host keys generation vulnerability. For versions 2.0.x, 2.1.x, and 2.2.0, update to a version that includes a fix for the SSH host keys generation vulnerability. As a temporary workaround, consider restricting access to the SSH server to minimize the risk of exploitation.