Back to search
CVE-2020-11452
Published: Apr 2, 2020
Modified: Aug 4, 2024
PUBLISHED
Description
Microstrategy Web 10.4 includes functionality to allow users to import files or data from external resources such as URLs or databases. By providing an external URL under attacker control, it's possible to send requests to external resources (aka SSRF) or leak files from the local system using the file:// stream wrapper.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
20200403 MicroStrategy Intelligence Server and Web 10.4 - multiple vulnerabilities
mailing-list
x_refsource_FULLDISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now