
CVE-2020-24815

Published: 24/11/2020 Updated: 02/12/2020
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 357
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Vulnerability Summary

A Server-Side Request Forgery (SSRF) affecting the PDF generation in MicroStrategy 10.4, 2019 before Update 6, and 2020 before Update 2 allows authenticated users to access the content of internal network resources or leak files from the local system via HTML containers embedded in a dossier/dashboard document. NOTE: for 10.4, no fix will be released, as the version will reach end-of-life on 31/12/2020.

Vulnerable Product

microstrategy microstrategy 10.4

microstrategy microstrategy 2019

microstrategy microstrategy 2020

Github Repositories

exploit-CVE-2020-24815py

This is my first exploit for CVE-2020-24815. Put the POST path after the URL! Example:

If the script does not work, change the cookie in the script.

$ -> pip install -r requirements.txt

Fix for the problem "pdftotext not installed":

$ -> sudo apt-get install build-essential libpoppler-cpp-dev pkg-config python3-dev
