{"api_version":"1","generated_at":"2026-04-22T19:06:49+00:00","cve":"CVE-2022-2188","urls":{"html":"https://cve.report/CVE-2022-2188","api":"https://cve.report/api/cve/CVE-2022-2188.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-2188","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-2188"},"summary":{"title":"CVE-2022-2188","description":"Privilege escalation vulnerability in DXL Broker for Windows prior to 6.0.0.280 allows local users to gain elevated privileges by exploiting weak directory controls in the logs directory. This can lead to a denial-of-service attack on the DXL Broker.","state":"PUBLIC","assigner":"trellixpsirt@trellix.com","published_at":"2022-11-07 12:15:00","updated_at":"2023-11-07 03:46:00"},"problem_types":["CWE-732"],"metrics":[],"references":[{"url":"https://kcm.trellix.com/corporate/index?page=content&id=SB10383","name":"https://kcm.trellix.com/corporate/index?page=content&id=SB10383","refsource":"MISC","tags":[],"title":"Security Bulletin - Data Exchange Layer Broker update fixes a privilege escalation vulnerability (CVE-2022-2188)","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-2188","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2188","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"2188","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mcafee","cpe5":"data_exchange_layer","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"2188","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2022-2188","ASSIGNER":"trellixpsirt@trellix.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"Privilege escalation vulnerability in DXL Broker for Windows prior to 6.0.0.280 allows local users to gain elevated privileges by exploiting weak directory controls in the logs directory. This can lead to a denial-of-service attack on the DXL Broker."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"cwe-274: Privilege Escalation "}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Trellix","product":{"product_data":[{"product_name":"DXL Broker","version":{"version_data":[{"version_value":"5.x","version_affected":"="}]}}]}}]}},"references":{"reference_data":[{"url":"https://kcm.trellix.com/corporate/index?page=content&id=SB10383","refsource":"MISC","name":"https://kcm.trellix.com/corporate/index?page=content&id=SB10383"}]},"generator":{"engine":"Vulnogram 0.1.0-dev"},"source":{"discovery":"UNKNOWN"},"impact":{"cvss":[{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":6.5,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","version":"3.1"}]}},"nvd":{"publishedDate":"2022-11-07 12:15:00","lastModifiedDate":"2023-11-07 03:46:00","problem_types":["CWE-732"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":5.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":1.8,"impactScore":3.6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mcafee:data_exchange_layer:*:*:*:*:*:*:*:*","versionEndExcluding":"6.0.0.280","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":null,"notes":[]}}}