Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
microstrategy microstrategy web vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2018-6885
An issue exists in MicroStrategy Web Services (the Microsoft Office plugin) prior to 10.4 Hotfix 7, and prior to 10.11. The vulnerability is unauthenticated and leads to access to the asset files with the MicroStrategy user privileges. (This includes the credentials to access the...
Microstrategy Web Services
Microstrategy Web Services 10.4
8.8
CVSSv3
CVE-2018-18696
main.aspx in Microstrategy Analytics 10.4.0026.0049 and previous versions has CSRF. NOTE: The vendor claims that documentation for preventing a CSRF attack has been provided (https://community.microstrategy.com/s/article/KB37643-New-security-feature-introduced-in-MicroStrategy-We...
Microstrategy Microstrategy
8.1
CVSSv3
CVE-2020-22983
A Server-Side Request Forgery (SSRF) vulnerability exists in MicroStrategy Web SDK 11.1 and previous versions, allows remote unauthenticated malicious users to conduct a server-side request forgery (SSRF) attack via the srcURL parameter to the shortURL task.
Microstrategy Microstrategy Web
7.5
CVSSv3
CVE-2020-11450
Microstrategy Web 10.4 exposes the JVM configuration, CPU architecture, installation folder, and other information through the URL /MicroStrategyWS/happyaxis.jsp. An attacker could use this vulnerability to learn more about the environment the application is running in. This issu...
Microstrategy Microstrategy Web
7.2
CVSSv3
CVE-2020-11451
The Upload Visualization plugin in the Microstrategy Web 10.4 admin panel allows an administrator to upload a ZIP archive containing files with arbitrary extensions and data. (This is also exploitable via SSRF). Note: The ability to upload visualization plugins requires administr...
Microstrategy Microstrategy Web
6.1
CVSSv3
CVE-2020-22984
Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and previous versions, allows remote unauthenticated malicious users to execute arbitrary code via key parameter to the getGoogleExtraConfig task.
Microstrategy Microstrategy Web Sdk
6.1
CVSSv3
CVE-2020-22985
Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and previous versions, allows remote unauthenticated malicious users to execute arbitrary code via the key parameter to the getESRIExtraConfig task.
Microstrategy Microstrategy Web Sdk
6.1
CVSSv3
CVE-2020-22986
Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and previous versions, allows remote unauthenticated malicious users to execute arbitrary code via the searchString parameter to the wikiScrapper task.
Microstrategy Microstrategy Web Sdk
6.1
CVSSv3
CVE-2020-22987
Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and previous versions, allows remote unauthenticated malicious users to execute arbitrary code via the fileToUpload parameter to the uploadFile task.
Microstrategy Microstrategy Web Sdk
6.1
CVSSv3
CVE-2019-12453
In MicroStrategy Web prior to 10.1 patch 10, stored XSS is possible in the FLTB parameter due to missing input validation.
Microstrategy Microstrategy Web
2 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5834
CVE-2024-30100
CVE-2024-4577
physical
dos
CVE-2024-30099
CVE-2024-27801
CVE-2024-32146
logic flaw
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »