McAfee – Data Exchange Layer Broker (Windows) update fixes
Unquoted service executable path vulnerability (CVE-2020-7252). On Windows Server platforms, the DXL Broker service executable resides in a path that contains space characters. When the installer installed the service, it did not enclose the service executable path in double quotes. This can lead to a denial of service if specially named executables are placed along the folder path.
Impact of Vulnerability: | Denial-of-service (CWE-730, OWASP 2004:A9); Malicious File Execution (CWE-714, OWASP 2004:A3) |
CVE ID: | CVE-2020-7252 |
Severity Rating: | Medium |
CVSS v3 Base/Temporal Scores: | 4.2 / 3.8 |
Recommendations: | Install or update to Data Exchange Layer (DXL) Broker 6.0.0 Hotfix 1; Install or update to DXL Broker 5.0.2 Hotfix 1 |
Security Bulletin Replacement: | None |
Affected Software: | DXL Broker for Windows 6.0.0 and earlier |
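The following audit sketch is an added example, not code from the bulletin or from McAfee. It flags service `ImagePath` values that are unquoted and contain spaces, lists the parent folders whose write permissions deserve review, and shows the quoted form an installer should have written. The service names and paths are constructed placeholders, since the bulletin does not give the DXL Broker install path.

```python
import re

# Constructed sample data: service name -> ImagePath string as stored under
# HKLM\SYSTEM\CurrentControlSet\Services\<name>. Names and paths are hypothetical.
SAMPLE_SERVICES = {
    "ExampleBroker": r"C:\Program Files\Example Vendor\Broker Service\broker.exe -run",
    "QuotedSvc": r'"C:\Program Files\Example Vendor\Agent\agent.exe" --service',
    "NoSpaceSvc": r"C:\Windows\System32\svchost.exe -k netsvcs",
}

# Executable portion of an unquoted command line: everything up to the first
# .exe/.com/.bat/.cmd that is followed by whitespace or the end of the string.
_EXE = re.compile(r"^(.*?\.(?:exe|com|bat|cmd))(?=\s|$)", re.IGNORECASE)

def split_unquoted(image_path):
    """Return (executable, arguments) for an unquoted ImagePath."""
    m = _EXE.match(image_path)
    return (m.group(1), image_path[m.end():]) if m else (image_path, "")

def is_flagged(image_path):
    """True when the executable path is unquoted and contains a space."""
    p = image_path.strip()
    return not p.startswith('"') and " " in split_unquoted(p)[0]

def dirs_to_review(image_path):
    """Parent folders of each space-delimited prefix; check their write ACLs."""
    exe, _ = split_unquoted(image_path.strip())
    dirs = []
    for i, ch in enumerate(exe):
        if ch == " ":
            parent = exe[:i].rsplit("\\", 1)[0]
            parent += "\\" if parent.endswith(":") else ""
            if parent not in dirs:
                dirs.append(parent)
    return dirs

def quoted_form(image_path):
    """ImagePath with the executable enclosed in double quotes."""
    exe, args = split_unquoted(image_path.strip())
    return f'"{exe}"{args}'

def audit(services):
    """Map each flagged service to its review folders and corrected ImagePath."""
    return {name: {"review": dirs_to_review(p), "fixed": quoted_form(p)}
            for name, p in services.items() if is_flagged(p)}

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_SERVICES).items():
        print(name, finding)
```

On a real host the input would come from the registry or a service inventory export; an `ImagePath` whose executable has no recognised extension is treated as one path, so arguments containing spaces can produce a false positive there.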