Lucene search
Microstrategy, Microstrategy Web

11 matches found

CVE
added 2020/04/02 3:1 p.m. | 202 views

CVE-2020-11450

MicroStrategy Web 10.4 is affected by an information disclosure vulnerability where JVM configuration, CPU architecture, installation folder, and other environment details are exposed via /MicroStrategyWS/happyaxis.jsp. The issue enables an attacker to learn about the application environment, whi...

CVSS 7.5 | AI score 7.3 | EPSS 0.17841

CVE
added 2019/07/19 4:53 p.m. | 159 views

CVE-2019-12453

CVE-2019-12453 – MicroStrategy Web stored XSS: Affects MicroStrategy Web prior to 10.1 patch 10. The vulnerability is due to missing input validation in the FLTB parameter, enabling stored cross-site scripting. From the connected documents: exploitation is via the FLTB parameter in MicroStrategy...

CVSS 6.1 | AI score 5.8 | EPSS 0.00979

CVE
added 2018/11/01 5:0 p.m. | 83 views

CVE-2018-18777

CVE-2018-18777: MicroStrategy Web 7 is vulnerable to a directory traversal/local file inclusion via the parameter subpage of “/WebMstr7/servlet/mstrWeb”. Remote authenticated users can bypass SecurityManager restrictions and list a parent directory using “/..” in the pathname. Public references ...

CVSS 4.3 | AI score 4.6 | EPSS 0.19551
Web

CVE
added 2018/11/01 5:0 p.m. | 81 views

CVE-2018-18775

The vulnerability CVE-2018-18775 affects MicroStrategy Web 7, where Login.asp Msg parameter input is not sufficiently encoded, causing a Cross-Site Scripting (XSS). The NVD entry notes input encoding weaknesses leading to XSS with a base CVSS v3.0 score of 6.1 (Network, Low user interaction requi...

CVSS 6.1 | AI score 5.9 | EPSS 0.06555
Web

CVE
added 2022/05/13 12:31 p.m. | 76 views

CVE-2020-22983

The CVE-2020-22983 entry concerns a Server-Side Request Forgery (SSRF) in MicroStrategy Web SDK 11.1 and earlier. The root cause is a lack of authentication and data filtering of the srcURL parameter used by the shortURL task, enabling remote unauthenticated attackers to trigger SSRF via that par...

CVSS 8.1 | AI score 8 | EPSS 0.02309

CVE
added 2018/11/01 5:0 p.m. | 66 views

CVE-2018-18776

CVE-2018-18776 concerns MicroStrategy Web 7, where an XSS vulnerability arises because input is not sufficiently encoded. The issue is exploitable via the admin/admin.asp ShowAll parameter, enabling a cross-site scripting attack. The product is deprecated, and multiple external sources (including...

CVSS 6.1 | AI score 5.9 | EPSS 0.02321
Web

CVE
added 2020/04/02 3:3 p.m. | 59 views

CVE-2020-11453

CVE-2020-11453 relates to MicroStrategy Web 10.4 and involves a Server-Side Request Forgery in the Test Web Service exposed at /MicroStrategyWS/. The SSRF requires no authentication and cannot pass parameters, but can be used to perform port scanning and enumerate network resources (IP addresses ...

CVSS 5.3 | AI score 5.4 | EPSS 0.02732

CVE
added 2020/04/02 2:58 p.m. | 58 views

CVE-2020-11454

CVE-2020-11454 affects MicroStrategy Web 10.4. The vulnerability is a Stored XSS in the HTML Container and Insert Text features of MicroStrategy Web, which can lead to the creation of a new dashboard. Exploitation requires that the attacker has access to a shared dashboard or can create a dashboa...

CVSS 5.4 | AI score 5.2 | EPSS 0.00904

CVE
added 2020/04/02 3:2 p.m. | 57 views

CVE-2020-11452

CVE-2020-11452 concerns MicroStrategy Web 10.4, where the import functionality allows pulling data from external resources (URLs or databases). The description states that providing an attacker-controlled external URL can trigger requests to external resources (SSRF) or leak local files via the f...

CVSS 4.3 | AI score 4.5 | EPSS 0.01215

CVE
added 2020/04/02 3:0 p.m. | 54 views

CVE-2020-11451

The CVE-2020-11451 entry concerns MicroStrategy Web 10.4 (Upload Visualization plugin in the admin panel). The vulnerability arises from allowing an administrator to upload a ZIP archive with arbitrary extensions and data, via a plugin upload mechanism that requires admin privileges. The descript...

CVSS 7.2 | AI score 6.9 | EPSS 0.02658

CVE
added 2019/07/17 4:10 p.m. | 46 views

CVE-2019-12475

CVE-2019-12475 affects MicroStrategy Web prior to 10.4.6, with a stored XSS in the metric caused by insufficient input validation. The vulnerability is described as a cross-site scripting issue that could occur in authenticated contexts, with CVSS v3.0 base score 6.1 (NETWORK, LOW ATTACKER PRS, U...

CVSS 6.1 | AI score 5.8 | EPSS 0.00979