Mcafee Data Exchange Layer vulnerabilities

5 known vulnerabilities affecting mcafee/data_exchange_layer.

Total CVEs
5
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
MEDIUM5

Vulnerabilities

Page 1 of 1
CVE-2022-2188MEDIUMCVSS 5.5fixed in 6.0.0.2802022-11-07
CVE-2022-2188 [MEDIUM] CWE-732 CVE-2022-2188: Privilege escalation vulnerability in DXL Broker for Windows prior to 6.0.0.280 allows local users t Privilege escalation vulnerability in DXL Broker for Windows prior to 6.0.0.280 allows local users to gain elevated privileges by exploiting weak directory controls in the logs directory. This can lead to a denial-of-service attack on the DXL Broker.
nvd
CVE-2020-7252MEDIUMCVSS 5.5≤ 6.0.02020-02-17
CVE-2020-7252 [MEDIUM] CWE-250 CVE-2020-7252: Unquoted service executable path in DXL Broker in McAfee Data eXchange Layer (DXL) Framework 6.0.0 a Unquoted service executable path in DXL Broker in McAfee Data eXchange Layer (DXL) Framework 6.0.0 and earlier allows local users to cause a denial of service and malicious file execution via carefully crafted and named executable files.
nvd
CVE-2019-3612MEDIUMCVSS 4.4≥ 4.0.0, ≤ 4.1.2≥ 5.0.0, ≤ 5.0.12019-04-10
CVE-2019-3612 [MEDIUM] CWE-312 CVE-2019-3612: Information Disclosure vulnerability in McAfee DXL Platform and TIE Server in DXL prior to 5.0.1 HF2 Information Disclosure vulnerability in McAfee DXL Platform and TIE Server in DXL prior to 5.0.1 HF2 and TIE prior to 2.3.1 HF1 allows Authenticated users to view sensitive information in plain text via the GUI or command line.
nvd
CVE-2019-1559MEDIUMCVSS 5.9≥ 4.0.0, < 6.0.02019-02-27
CVE-2019-1559 [MEDIUM] CWE-203 CVE-2019-1559: If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to sen If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behave
nvd
CVE-2016-3984MEDIUMCVSS 5.1PoC≤ 2.0.0.430.12016-04-08
CVE-2016-3984 [MEDIUM] CWE-284 CVE-2016-3984: The McAfee VirusScan Console (mcconsol.exe) in McAfee Active Response (MAR) before 1.1.0.161, Agent The McAfee VirusScan Console (mcconsol.exe) in McAfee Active Response (MAR) before 1.1.0.161, Agent (MA) 5.x before 5.0.2 Hotfix 1110392 (5.0.2.333), Data Exchange Layer 2.x (DXL) before 2.0.1.140.1, Data Loss Prevention Endpoint (DLPe) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Device Control (MDC) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, En
nvd