CVE-2020-7252

Unquoted service executable path in DXL Broker in McAfee Data eXchange Layer (DXL) Framework 6.0.0 and earlier allows local users to cause a denial of service and malicious file execution via carefully crafted and named executable files.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:mcafee:data_exchange_layer:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

21 Nov 2024, 05:36

Type Values Removed Values Added
CVSS v2 : 1.9
v3 : 5.5
v2 : 1.9
v3 : 4.2
References () https://kc.mcafee.com/corporate/index?page=content&id=SB10307 - () https://kc.mcafee.com/corporate/index?page=content&id=SB10307 -

07 Nov 2023, 03:25

Type Values Removed Values Added
References (CONFIRM) https://kc.mcafee.com/corporate/index?page=content&id=SB10307 - Vendor Advisory () https://kc.mcafee.com/corporate/index?page=content&id=SB10307 -

Information

Published : 2020-02-17 07:15

Updated : 2024-11-21 05:36


NVD link : CVE-2020-7252

Mitre link : CVE-2020-7252

CVE.ORG link : CVE-2020-7252


JSON object : View

Products Affected

mcafee

  • data_exchange_layer

microsoft

  • windows
CWE
CWE-250

Execution with Unnecessary Privileges

CWE-428

Unquoted Search Path or Element