Microstrategy: >> Microstrategy Web >> 10.4.6 Security Vulnerabilities
A Server-Side Request Forgery (SSRF) vulnerability exists in MicroStrategy Web SDK 11.1 and earlier, allows remote unauthenticated attackers to conduct a server-side request forgery (SSRF) attack via the srcURL parameter to the shortURL task.
CVSS Score
8.1
EPSS Score
0.019
Published
2022-05-13
Microstrategy Web 10.4 exposes the JVM configuration, CPU architecture, installation folder, and other information through the URL /MicroStrategyWS/happyaxis.jsp. An attacker could use this vulnerability to learn more about the environment the application is running in. This issue has been mitigated in all versions of the product 11.0 and higher.
CVSS Score
7.5
EPSS Score
0.875
Published
2020-04-02