CVE-2020-11450

Microstrategy Web 10.4 exposes the JVM configuration, CPU architecture, installation folder, and other information through the URL /MicroStrategyWS/happyaxis.jsp. An attacker could use this vulnerability to learn more about the environment the application is running in. This issue has been mitigated in all versions of the product 11.0 and higher.
Configurations

Configuration 1 (hide)

cpe:2.3:a:microstrategy:microstrategy_web:*:*:*:*:*:*:*:*

History

21 Nov 2024, 04:57

Type Values Removed Values Added
References () http://packetstormsecurity.com/files/157068/MicroStrategy-Intelligence-Server-And-Web-10.4-XSS-Disclosure-SSRF-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry () http://packetstormsecurity.com/files/157068/MicroStrategy-Intelligence-Server-And-Web-10.4-XSS-Disclosure-SSRF-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry
References () http://seclists.org/fulldisclosure/2020/Apr/1 - Mailing List, Third Party Advisory () http://seclists.org/fulldisclosure/2020/Apr/1 - Mailing List, Third Party Advisory
References () https://community.microstrategy.com/s/article/Web-Services-Security-Vulnerability - Patch, Vendor Advisory () https://community.microstrategy.com/s/article/Web-Services-Security-Vulnerability - Patch, Vendor Advisory
References () https://www.redtimmy.com/web-application-hacking/another-ssrf-another-rce-the-microstrategy-case/ - Exploit, Third Party Advisory () https://www.redtimmy.com/web-application-hacking/another-ssrf-another-rce-the-microstrategy-case/ - Exploit, Third Party Advisory

Information

Published : 2020-04-02 15:15

Updated : 2024-11-21 04:57


NVD link : CVE-2020-11450

Mitre link : CVE-2020-11450

CVE.ORG link : CVE-2020-11450


JSON object : View

Products Affected

microstrategy

  • microstrategy_web