CVE-2020-7252

MEDIUM

Mcafee Data Exchange Layer < 6.0.0 - Denial of Service

Title source: rule

Description

Unquoted service executable path in DXL Broker in McAfee Data eXchange Layer (DXL) Framework 6.0.0 and earlier allows local users to cause a denial of service and malicious file execution via carefully crafted and named executable files.

References (1)

[Vendor Advisory] https://kc.mcafee.com/corporate/index?page=content&id=SB10307

Scores

CVSS v3 4.2

EPSS 0.0016

EPSS Percentile 36.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H

Details

CWE

CWE-428 CWE-250

Status published

Products (1)

mcafee/data_exchange_layer < 6.0.0

Published Feb 17, 2020

Tracked Since Feb 18, 2026