CVE-2020-7252

Summary

Unquoted service executable path in DXL Broker in McAfee Data eXchange Layer (DXL) Framework 6.0.0 and earlier allows local users to cause a denial of service and malicious file execution via carefully crafted and named executable files.

Affected Software

VendorProductVersion RangeStatus
McAfee, LLCData Exchange Layer (DXL) Broker6.0.x <= 6.0.0affected
McAfee, LLCData Exchange Layer (DXL) Broker5.0.x <= 5.0.2affected

Weaknesses

  • CWE-250: CWE-250 Execution with Unnecessary Privileges

ADP Enrichment

CVE Program Container

Additional References

References