CVE-2020-7839 HIGH

CVE-2020-7839: MarkAny MaEPSBroker Command Injection Vulnerability

Vendor Markany

Product MaEPSBroker

Weakness CWE-20 · Input validation

Published March 24, 2021

Last update August 4, 2024

CVSS base score

8.8/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

In MaEPSBroker 2.5.0.31 and prior, a command injection vulnerability caused by improper input validation checks when parsing brokerCommand parameter.

Key dates

March 24, 2021 CVE published

August 4, 2024 Record updated

External resources

Related vulnerabilities