Jongsub Park

Name of the Vulnerable Software and Affected Versions: MaEPSBroker versions 2.5.0.31 and prior Description: A command injection issue is caused by improper input validation checks when parsing the `brokerCommand` parameter. This allows for potential exploitation due to the lack of proper validation. Recommendations: For MaEPSBroker versions 2.5.0.31 and prior, as a temporary workaround, consider restricting or validating the input for the `brokerCommand` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Infraware ML Report version 2.19.312.0000 **Description** An issue was discovered in the ML Report Program, where a stack-based buffer overflow occurs in the function sub 41EAF0 at MLReportDeamon.exe. This happens because the function calls vsprintf without checking the length of strings in parameters given by an attacker, leading to a stack-based buffer overflow via access to a crafted web page. **Recommendations** For Infraware ML Report version 2.19.312.0000, consider disabling the sub 41EAF0 function in MLReportDeamon.exe as a temporary workaround until a patch is available. Restrict access to crafted web pages to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.