QwikSec

Security Database

CVE

CWE

Training

CVE-2020-11453

Published: Apr 2, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

Microstrategy Web 10.4 is vulnerable to Server-Side Request Forgery in the Test Web Service functionality exposed through the path /MicroStrategyWS/. The functionality requires no authentication and, while it is not possible to pass parameters in the SSRF request, it is still possible to exploit it to conduct port scanning. An attacker could exploit this vulnerability to enumerate the resources allocated in the network (IP addresses and services exposed). NOTE: MicroStrategy is unable to reproduce the issue reported in any version of its product

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://community.microstrategy.com/s/article/Web-Services-Security-Vulnerability

x_refsource_MISC

https://www.redtimmy.com/web-application-hacking/another-ssrf-another-rce-the-microstrategy-case/

x_refsource_MISC

http://packetstormsecurity.com/files/157068/MicroStrategy-Intelligence-Server-And-Web-10.4-XSS-Disclosure-SSRF-Code-Execution.html

x_refsource_MISC

20200403 MicroStrategy Intelligence Server and Web 10.4 - multiple vulnerabilities

mailing-list

x_refsource_FULLDISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.