CVE-2018-6885

Published: May 14, 2019

Modified: Aug 5, 2024

PUBLISHED

Description

An issue was discovered in MicroStrategy Web Services (the Microsoft Office plugin) before 10.4 Hotfix 7, and before 10.11. The vulnerability is unauthenticated and leads to access to the asset files with the MicroStrategy user privileges. (This includes the credentials to access the admin dashboard which may lead to RCE.) The path traversal is located in a SOAP request in the web service component.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://community.microstrategy.com/s/article/Web-Services-Security-Vulnerability

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2018-6885

Description

Affected Products

References