Lucene search
PRIOn knowledge basePRION:CVE-2020-11452HistoryApr 02, 2020 - 4:15 p.m.
Design/Logic Flaw
2020-04-0216:15:00
PRIOn knowledge base
www.prio-n.com
6
Microstrategy Web 10.4 includes functionality to allow users to import files or data from external resources such as URLs or databases. By providing an external URL under attacker control, it’s possible to send requests to external resources (aka SSRF) or leak files from the local system using the file:// stream wrapper.
| CPE | Name | Operator | Version |
|---|---|---|---|
| microstrategy_web | le | 10.4 |
References
packetstormsecurity.com/files/157068/MicroStrategy-Intelligence-Server-And-Web-10.4-XSS-Disclosure-SSRF-Code-Execution.html
seclists.org/fulldisclosure/2020/Apr/1
community.microstrategy.com/s/article/Web-Services-Security-Vulnerability
www.redtimmy.com/web-application-hacking/another-ssrf-another-rce-the-microstrategy-case/
Related
cve
cve
CVE-2020-11452
2020-04-02 16:15:14
nvd
nvd
CVE-2020-11452
2020-04-02 16:15:14
cvelist
cvelist
CVE-2020-11452
2020-04-02 15:02:46
zdt
zdt
packetstorm
packetstorm