Vulnerabilities > CVE-2020-11452 - Server-Side Request Forgery (SSRF) vulnerability in Microstrategy web 10.1/10.4/7

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
LOW
Integrity impact
NONE
Availability impact
NONE
network
low complexity
microstrategy
CWE-918

Summary

Microstrategy Web 10.4 includes functionality to allow users to import files or data from external resources such as URLs or databases. By providing an external URL under attacker control, it's possible to send requests to external resources (aka SSRF) or leak files from the local system using the file:// stream wrapper.

Common Weakness Enumeration (CWE)

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/157068/msisw104-disclosessrfexecxss.txt
idPACKETSTORM:157068
last seen2020-04-03
published2020-04-02
reporterredtimmysec
sourcehttps://packetstormsecurity.com/files/157068/MicroStrategy-Intelligence-Server-And-Web-10.4-XSS-Disclosure-SSRF-Code-Execution.html
titleMicroStrategy Intelligence Server And Web 10.4 XSS / Disclosure / SSRF / Code Execution