A vulnerability in DXL Broker for Windows before 6.0.0.280 allows local users to gain elevated privileges by exploiting weak directory controls in the logs directory. This can lead to a denial of service attack on the DXL Broker.
Vulnerability in McAfee
Twitter
LinkedIn
Facebook
CVE
Vulnerability type
Privilege Escalation
Pentester
Florian Hansemann
Publication
29.06.2022
Software version
Data Exchange Layer (DXL) Broker (Windows only) <= 6.0.0.x & 5.x
Timeline
– 30.03.2022 Manufacturer informs
– 03.04.2022 Manufacturer requests postponement
– 12.05.2022 Further postponement
– 15.06.2022 Manufacturer confirms vulnerability & requires further technical support
– 29.06.2022 Publication
