Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

91 matches found

CNVD
CNVDadded 2020/04/03 12:0 a.m.1 views

Microstrategy Web Code Issue Vulnerability

Microstrategy Web is a set of U.S. Microstrategy's enterprise data analysis platform. The platform features data discovery, data visualization and report generation. A code issue vulnerability exists in Microstrategy Web version 10.4. The vulnerability arises from an improperly designed or...

5.3CVSS7.1AI score0.01714EPSS
Exploits3
CNVD
CNVDadded 2020/04/03 12:0 a.m.2 views

MicroStrategy Web Cross-Site Scripting Vulnerability (CNVD-2020-23180)

Microstrategy Web is a set of U.S. Microstrategy's enterprise data analysis platform. The platform features data discovery, data visualization and report generation. A cross-site scripting vulnerability exists in the HTML Container and Insert Text features in Microstrategy Web version 10.4. The...

5.4CVSS6.3AI score0.00504EPSS
Exploits3
CNVD
CNVDadded 2020/04/03 12:0 a.m.3 views

Microstrategy Web Code Issue Vulnerability (CNVD-2020-23179)

Microstrategy Web is a set of U.S. Microstrategy's enterprise data analysis platform. The platform features data discovery, data visualization and report generation. A security vulnerability exists in the Upload Visualization plug-in for the administrator panel in Microstrategy Web version 10.4. ...

7.2CVSS7AI score0.00644EPSS
Exploits3
CNVD
CNVDadded 2020/04/03 12:0 a.m.2 views

Microstrategy Web Code Issue Vulnerability (CNVD-2020-23183)

Microstrategy Web is a set of U.S. Microstrategy's enterprise data analysis platform. The platform features data discovery, data visualization and report generation. A code issue vulnerability exists in Microstrategy Web version 10.4. The vulnerability arises from an improperly designed or...

4.3CVSS7.1AI score0.00297EPSS
Exploits3
CNVD
CNVDadded 2020/04/03 12:0 a.m.1 views

Microstrategy Web Information Disclosure Vulnerability

Microstrategy Web is a set of U.S. Microstrategy's enterprise data analysis platform. The platform features data discovery, data visualization and report generation. A security vulnerability exists in Microstrategy Web version 10.4. An attacker could exploit the vulnerability to obtain informatio...

7.5CVSS6.5AI score0.89806EPSS
Exploits3
OSV
OSVadded 2020/04/02 4:15 p.m.4 views

CVE-2020-11452

Microstrategy Web 10.4 includes functionality to allow users to import files or data from external resources such as URLs or databases. By providing an external URL under attacker control, it's possible to send requests to external resources aka SSRF or leak files from the local system using the...

4.3CVSS5.8AI score0.00297EPSS
Exploits3References4
OSV
OSVadded 2020/04/02 4:15 p.m.2 views

CVE-2020-11453

Microstrategy Web 10.4 is vulnerable to Server-Side Request Forgery in the Test Web Service functionality exposed through the path /MicroStrategyWS/. The functionality requires no authentication and, while it is not possible to pass parameters in the SSRF request, it is still possible to exploit ...

5.3CVSS5.8AI score0.01714EPSS
Exploits3References4
NVD
NVDadded 2020/04/02 4:15 p.m.22 views

CVE-2020-11453

Microstrategy Web 10.4 is vulnerable to Server-Side Request Forgery in the Test Web Service functionality exposed through the path /MicroStrategyWS/. The functionality requires no authentication and, while it is not possible to pass parameters in the SSRF request, it is still possible to exploit ...

5.3CVSS5.4AI score0.01714EPSS
Exploits3References4
Prion
Prionadded 2020/04/02 4:15 p.m.18 views

Server side request forgery (ssrf)

Microstrategy Web 10.4 is vulnerable to Server-Side Request Forgery in the Test Web Service functionality exposed through the path /MicroStrategyWS/. The functionality requires no authentication and, while it is not possible to pass parameters in the SSRF request, it is still possible to exploit ...

5CVSS5.4AI score0.01714EPSS
Exploits3References4Affected Software1
Prion
Prionadded 2020/04/02 4:15 p.m.26 views

Design/Logic Flaw

Microstrategy Web 10.4 includes functionality to allow users to import files or data from external resources such as URLs or databases. By providing an external URL under attacker control, it's possible to send requests to external resources aka SSRF or leak files from the local system using the...

4CVSS4.5AI score0.00297EPSS
Exploits3References4Affected Software1
NVD
NVDadded 2020/04/02 3:15 p.m.18 views

CVE-2020-11450

Microstrategy Web 10.4 exposes the JVM configuration, CPU architecture, installation folder, and other information through the URL /MicroStrategyWS/happyaxis.jsp. An attacker could use this vulnerability to learn more about the environment the application is running in. This issue has been...

7.5CVSS7.8AI score0.89806EPSS
Exploits3References4
OSV
OSVadded 2020/04/02 3:15 p.m.2 views

CVE-2020-11454

Microstrategy Web 10.4 is vulnerable to Stored XSS in the HTML Container and Insert Text features in the window, allowing for the creation of a new dashboard. In order to exploit this vulnerability, a user needs to get access to a shared dashboard or have the ability to create a dashboard on the...

5.4CVSS5.8AI score0.00504EPSS
Exploits3References4
Prion
Prionadded 2020/04/02 3:15 p.m.16 views

Cross site scripting

Microstrategy Web 10.4 is vulnerable to Stored XSS in the HTML Container and Insert Text features in the window, allowing for the creation of a new dashboard. In order to exploit this vulnerability, a user needs to get access to a shared dashboard or have the ability to create a dashboard on the...

3.5CVSS5.2AI score0.00504EPSS
Exploits3References4Affected Software1
Cvelist
Cvelistadded 2020/04/02 3:3 p.m.20 views

CVE-2020-11453

Microstrategy Web 10.4 is vulnerable to Server-Side Request Forgery in the Test Web Service functionality exposed through the path /MicroStrategyWS/. The functionality requires no authentication and, while it is not possible to pass parameters in the SSRF request, it is still possible to exploit ...

5.4AI score0.01714EPSS
Exploits3References4
CVE
CVEadded 2020/04/02 3:3 p.m.56 views

CVE-2020-11453

CVE-2020-11453 relates to MicroStrategy Web 10.4 and involves a Server-Side Request Forgery in the Test Web Service exposed at /MicroStrategyWS/. The SSRF requires no authentication and cannot pass parameters, but can be used to perform port scanning and enumerate network resources (IP addresses ...

5.3CVSS5.4AI score0.01714EPSS
Exploits3References4Affected Software1
Cvelist
Cvelistadded 2020/04/02 3:1 p.m.22 views

CVE-2020-11450

Microstrategy Web 10.4 exposes the JVM configuration, CPU architecture, installation folder, and other information through the URL /MicroStrategyWS/happyaxis.jsp. An attacker could use this vulnerability to learn more about the environment the application is running in. This issue has been...

7.4AI score0.89806EPSS
Exploits3References4
Cvelist
Cvelistadded 2020/04/02 3:0 p.m.20 views

CVE-2020-11451

The Upload Visualization plugin in the Microstrategy Web 10.4 admin panel allows an administrator to upload a ZIP archive containing files with arbitrary extensions and data. This is also exploitable via SSRF. Note: The ability to upload visualization plugins requires administrator privileges...

7AI score0.00644EPSS
Exploits3References4
CVE
CVEadded 2020/04/02 3:0 p.m.52 views

CVE-2020-11451

The CVE-2020-11451 entry concerns MicroStrategy Web 10.4 (Upload Visualization plugin in the admin panel). The vulnerability arises from allowing an administrator to upload a ZIP archive with arbitrary extensions and data, via a plugin upload mechanism that requires admin privileges. The descript...

7.2CVSS6.9AI score0.00644EPSS
Exploits3References4Affected Software1
Cvelist
Cvelistadded 2020/04/02 2:58 p.m.23 views

CVE-2020-11454

Microstrategy Web 10.4 is vulnerable to Stored XSS in the HTML Container and Insert Text features in the window, allowing for the creation of a new dashboard. In order to exploit this vulnerability, a user needs to get access to a shared dashboard or have the ability to create a dashboard on the...

5.3AI score0.00504EPSS
Exploits3References4
Positive Technologies
Positive Technologiesadded 2020/04/02 12:0 a.m.3 views

PT-2020-12619 · Microstrategy · Microstrategy Web

Name of the Vulnerable Software and Affected Versions: Microstrategy Web version 10.4 Description: The issue affects the Test Web Service functionality, exposed through the /MicroStrategyWS/ path, which requires no authentication. Although it is not possible to pass parameters in the SSRF request...

5.3CVSS6.6AI score0.01714EPSS
Exploits3References7
Rows per page
Query Builder