CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-11452

Microstrategy Web 10.4 includes functionality to allow users to import files or data from external resources such as URLs or databases. By providing an external URL under attacker control, it's possible to send requests to external resources (aka SSRF) or leak files from the local system using the file:// stream wrapper.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 52.6%

CVSS Severity

CVSS v3 Score 4.3

CVSS v2 Score 4.0

References

http://packetstormsecurity.com/files/157068/MicroStrategy-Intelligence-Server-And-Web-10.4-XSS-Disclosure-SSRF-Code-Execution.html
http://seclists.org/fulldisclosure/2020/Apr/1
https://community.microstrategy.com/s/article/Web-Services-Security-Vulnerability
https://www.redtimmy.com/web-application-hacking/another-ssrf-another-rce-the-microstrategy-case/
http://packetstormsecurity.com/files/157068/MicroStrategy-Intelligence-Server-And-Web-10.4-XSS-Disclosure-SSRF-Code-Execution.html
http://seclists.org/fulldisclosure/2020/Apr/1
https://community.microstrategy.com/s/article/Web-Services-Security-Vulnerability
https://www.redtimmy.com/web-application-hacking/another-ssrf-another-rce-the-microstrategy-case/

Products affected by CVE-2020-11452

Microstrategy » Microstrategy Web » Version: N/A

cpe:2.3:a:microstrategy:microstrategy_web:-
Microstrategy » Microstrategy Web » Version: 10.1

cpe:2.3:a:microstrategy:microstrategy_web:10.1
Microstrategy » Microstrategy Web » Version: 10.4

cpe:2.3:a:microstrategy:microstrategy_web:10.4
Microstrategy » Microstrategy Web » Version: 7

cpe:2.3:a:microstrategy:microstrategy_web:7

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-11452

Products

Pricing

Contact Us