Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
microstrategy microstrategy vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2020-24815
A Server-Side Request Forgery (SSRF) affecting the PDF generation in MicroStrategy 10.4, 2019 before Update 6, and 2020 before Update 2 allows authenticated users to access the content of internal network resources or leak files from the local system via HTML containers embedded ...
Microstrategy Microstrategy 10.4
Microstrategy Microstrategy 2019
Microstrategy Microstrategy 2020
2 Github repositories
6.8
CVSSv2
CVE-2018-18696
main.aspx in Microstrategy Analytics 10.4.0026.0049 and previous versions has CSRF. NOTE: The vendor claims that documentation for preventing a CSRF attack has been provided (https://community.microstrategy.com/s/article/KB37643-New-security-feature-introduced-in-MicroStrategy-We...
Microstrategy Microstrategy
5
CVSSv2
CVE-2020-11450
Microstrategy Web 10.4 exposes the JVM configuration, CPU architecture, installation folder, and other information through the URL /MicroStrategyWS/happyaxis.jsp. An attacker could use this vulnerability to learn more about the environment the application is running in. This issu...
Microstrategy Microstrategy Web
4
CVSSv2
CVE-2020-11452
Microstrategy Web 10.4 includes functionality to allow users to import files or data from external resources such as URLs or databases. By providing an external URL under attacker control, it's possible to send requests to external resources (aka SSRF) or leak files from the...
Microstrategy Microstrategy Web
4.3
CVSSv2
CVE-2019-12475
In MicroStrategy Web prior to 10.4.6, there is stored XSS in metric due to insufficient input validation.
Microstrategy Microstrategy Web
1 Github repository
4.3
CVSSv2
CVE-2019-18957
Microstrategy Library in MicroStrategy prior to 2019 prior to 11.1.3 has reflected XSS.
Microstrategy Microstrategy Library
6.5
CVSSv2
CVE-2020-11451
The Upload Visualization plugin in the Microstrategy Web 10.4 admin panel allows an administrator to upload a ZIP archive containing files with arbitrary extensions and data. (This is also exploitable via SSRF). Note: The ability to upload visualization plugins requires administr...
Microstrategy Microstrategy Web
5.8
CVSSv2
CVE-2020-22983
A Server-Side Request Forgery (SSRF) vulnerability exists in MicroStrategy Web SDK 11.1 and previous versions, allows remote unauthenticated malicious users to conduct a server-side request forgery (SSRF) attack via the srcURL parameter to the shortURL task.
Microstrategy Microstrategy Web
4.3
CVSSv2
CVE-2019-12453
In MicroStrategy Web prior to 10.1 patch 10, stored XSS is possible in the FLTB parameter due to missing input validation.
Microstrategy Microstrategy Web
2 Github repositories
3.5
CVSSv2
CVE-2020-11454
Microstrategy Web 10.4 is vulnerable to Stored XSS in the HTML Container and Insert Text features in the window, allowing for the creation of a new dashboard. In order to exploit this vulnerability, a user needs to get access to a shared dashboard or have the ability to create a ...
Microstrategy Microstrategy Web 10.4
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-21991
CVE-2024-32674
path traversal
CVE-2023-21987
denial of service
dos
CVE-2024-4647
CVE-2024-25519
CVE-2024-33612
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »