Vulnerabilities > Microstrategy > Microstrategy WEB > 10.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-13 | CVE-2020-22983 | Server-Side Request Forgery (SSRF) vulnerability in Microstrategy web A Server-Side Request Forgery (SSRF) vulnerability exists in MicroStrategy Web SDK 11.1 and earlier, allows remote unauthenticated attackers to conduct a server-side request forgery (SSRF) attack via the srcURL parameter to the shortURL task. | 8.1 |
| 2020-04-02 | CVE-2020-11452 | Server-Side Request Forgery (SSRF) vulnerability in Microstrategy web 10.1/10.4/7 Microstrategy Web 10.4 includes functionality to allow users to import files or data from external resources such as URLs or databases. | 4.3 |
| 2020-04-02 | CVE-2020-11451 | Unrestricted Upload of File with Dangerous Type vulnerability in Microstrategy web 10.1/10.4/7 The Upload Visualization plugin in the Microstrategy Web 10.4 admin panel allows an administrator to upload a ZIP archive containing files with arbitrary extensions and data. | 7.2 |
| 2020-04-02 | CVE-2020-11450 | Unspecified vulnerability in Microstrategy web Microstrategy Web 10.4 exposes the JVM configuration, CPU architecture, installation folder, and other information through the URL /MicroStrategyWS/happyaxis.jsp. | 7.5 |
| 2019-07-19 | CVE-2019-12453 | Cross-site Scripting vulnerability in Microstrategy web 10.1/7 In MicroStrategy Web before 10.1 patch 10, stored XSS is possible in the FLTB parameter due to missing input validation. | 6.1 |
| 2019-07-17 | CVE-2019-12475 | Cross-site Scripting vulnerability in Microstrategy web 10.1/10.4/7 In MicroStrategy Web before 10.4.6, there is stored XSS in metric due to insufficient input validation. | 6.1 |