
McAfee – Data Exchange Layer Broker (Windows) update fixes

Unquoted service executable path vulnerability (CVE-2020-7252). On Windows Server platforms, the DXL Broker service executable resides in a path that contains space characters. When the installer installed the service, it did not enclose the service executable path in double quotes. As a result, specially named executables placed along the folder path can lead to a denial of service.
 

Impact of Vulnerability: Denial-of-service (CWE-730, OWASP 2004:A9); Malicious File Execution (CWE-714, OWASP 2004:A3)
CVE ID: CVE-2020-7252
Severity Rating: Medium
CVSS v3 Base/Temporal Scores: 4.2 / 3.8
Recommendations: Install or update to Data Exchange Layer (DXL) Broker 6.0.0 Hotfix 1; install or update to DXL Broker 5.0.2 Hotfix 1
Security Bulletin Replacement: None
Affected Software: DXL Broker for Windows 6.0.0 and earlier
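
To check a host for the condition described above (a service path that contains spaces but is not enclosed in double quotes), an audit along the following lines can be used. This is an added example, not code from McAfee or from the original bulletin; the function name and the sample paths are assumptions made for illustration.

```powershell
# Added example: flag services whose executable path contains a space
# and is not enclosed in double quotes (the condition behind CVE-2020-7252).

function Test-UnquotedServicePath {
    param([string]$PathName)

    $p = $PathName.Trim()
    # Empty values and paths that start with a quote are not affected.
    if ($p -eq '' -or $p.StartsWith('"')) { return $false }

    # Keep only the part up to the first ".exe"; arguments that follow it
    # may legitimately contain spaces and must not trigger a finding.
    $m = [regex]::Match($p, '^(.+?\.exe)(\s|$)', 'IgnoreCase')
    # If no ".exe" is found, the whole string is checked (may over-report).
    $exe = if ($m.Success) { $m.Groups[1].Value } else { $p }

    return $exe.Contains(' ')
}

# Constructed sample values (hypothetical vendor path, not taken from the bulletin).
$samples = @(
    'C:\Program Files\Example Vendor\Broker\broker.exe',         # unquoted, has spaces
    '"C:\Program Files\Example Vendor\Broker\broker.exe" -svc',  # quoted
    'C:\Windows\System32\svchost.exe -k netsvcs'                 # no space in exe path
)
foreach ($s in $samples) {
    '{0,-6} {1}' -f (Test-UnquotedServicePath $s), $s
}

# Audit the local machine (Windows only; skipped where CIM cmdlets are absent).
if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) {
    Get-CimInstance Win32_Service |
        Where-Object { Test-UnquotedServicePath $_.PathName } |
        Select-Object Name, StartMode, StartName, PathName
}
```

For the DXL Broker itself, a finding is resolved by installing the hotfix listed under Recommendations.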

 
 
Release notes 6.0

Release notes 5.0
