14 matches found
EUVD-2020-3808
Malware in sbrugna...
CVE-2020-11454
MicroStrategy Web 10.4 is vulnerable to Stored XSS in the HTML Container and Insert Text features in the window, allowing for the creation of a new dashboard. In order to exploit this vulnerability, a user needs to get access to a shared dashboard or have the ability to create a dashboard on the...
CVE-2020-11453
MicroStrategy Web 10.4 is vulnerable to Server-Side Request Forgery in the Test Web Service functionality exposed through the path /MicroStrategyWS/. The functionality requires no authentication and, while it is not possible to pass parameters in the SSRF request, it is still possible to exploit ...
CVE-2020-11451
The Upload Visualization plugin in the MicroStrategy Web 10.4 admin panel allows an administrator to upload a ZIP archive containing files with arbitrary extensions and data. This is also exploitable via SSRF. Note: The ability to upload visualization plugins requires administrator privileges...
CVE-2020-11453
MicroStrategy Web 10.4 is vulnerable to Server-Side Request Forgery in the Test Web Service functionality exposed through the path /MicroStrategyWS/. The functionality requires no authentication and, while it is not possible to pass parameters in the SSRF request, it is still possible to exploit ...
Design/Logic Flaw
MicroStrategy Web 10.4 includes functionality to allow users to import files or data from external resources such as URLs or databases. By providing an external URL under attacker control, it's possible to send requests to external resources (aka SSRF) or leak files from the local system using the...
CVE-2020-11454
MicroStrategy Web 10.4 is vulnerable to Stored XSS in the HTML Container and Insert Text features in the window, allowing for the creation of a new dashboard. In order to exploit this vulnerability, a user needs to get access to a shared dashboard or have the ability to create a dashboard on the...
CVE-2020-11453
MicroStrategy Web 10.4 is vulnerable to Server-Side Request Forgery in the Test Web Service functionality exposed through the path /MicroStrategyWS/. The functionality requires no authentication and, while it is not possible to pass parameters in the SSRF request, it is still possible to exploit ...
CVE-2020-11453
CVE-2020-11453 relates to MicroStrategy Web 10.4 and involves a Server-Side Request Forgery in the Test Web Service exposed at /MicroStrategyWS/. The SSRF requires no authentication and cannot pass parameters, but can be used to perform port scanning and enumerate network resources (IP addresses ...
CVE-2020-11452
MicroStrategy Web 10.4 includes functionality to allow users to import files or data from external resources such as URLs or databases. By providing an external URL under attacker control, it's possible to send requests to external resources (aka SSRF) or leak files from the local system using the...
CVE-2020-11452
CVE-2020-11452 concerns MicroStrategy Web 10.4, where the import functionality allows pulling data from external resources (URLs or databases). The description states that providing an attacker-controlled external URL can trigger requests to external resources (SSRF) or leak local files via the f...
CVE-2020-11450
MicroStrategy Web 10.4 is affected by an information disclosure vulnerability where JVM configuration, CPU architecture, installation folder, and other environment details are exposed via /MicroStrategyWS/happyaxis.jsp. The issue enables an attacker to learn about the application environment, whi...
CVE-2020-11451
The CVE-2020-11451 entry concerns MicroStrategy Web 10.4 (Upload Visualization plugin in the admin panel). The vulnerability arises from allowing an administrator to upload a ZIP archive with arbitrary extensions and data, via a plugin upload mechanism that requires admin privileges. The descript...
CVE-2020-11454
MicroStrategy Web 10.4 is vulnerable to Stored XSS in the HTML Container and Insert Text features in the window, allowing for the creation of a new dashboard. In order to exploit this vulnerability, a user needs to get access to a shared dashboard or have the ability to create a dashboard on the...