본문내용 바로가기 메인메뉴 바로가기 푸터 바로가기

Security Advisory

CVE-2020-7839 | MarkAny MaEPSBroker Command Injection Vulnerability2021.03.24
□ Overview
 o Markany released security update to address command injection vulnerability in MaEPSBroker.
Vulerability Type Impact Severity CVSS CVE ID
Command Injection Code execution High 8.8 CVE-2020-7839
 
□ Description
 o MaEPSBroker contains a command injection vulnerability caused by improper input validation checks when parsing brokerCommand parameter.

□ Affected Products
Product Version
MaEPSBroker MaEPSBroker version below 2.5.0.31
 
□ Solution
 o Update software over 2.5.0.32 version

□ Acknowledgements
 o Thanks to Jongsub Park for reporting this vulnerability
 
□ Reference site
[1] https://www.markany.com/


□ 작성 : 침해사고분석단 취약점분석팀