Описание
The Upload Visualization plugin in the Microstrategy Web 10.4 admin panel allows an administrator to upload a ZIP archive containing files with arbitrary extensions and data. (This is also exploitable via SSRF.)
The Upload Visualization plugin in the Microstrategy Web 10.4 admin panel allows an administrator to upload a ZIP archive containing files with arbitrary extensions and data. (This is also exploitable via SSRF.)
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2020-11451
- https://community.microstrategy.com/s/article/Web-Services-Security-Vulnerability
- https://www.redtimmy.com/web-application-hacking/another-ssrf-another-rce-the-microstrategy-case
- http://packetstormsecurity.com/files/157068/MicroStrategy-Intelligence-Server-And-Web-10.4-XSS-Disclosure-SSRF-Code-Execution.html
- http://seclists.org/fulldisclosure/2020/Apr/1
EPSS
Процентиль: 70%
0.00644
Низкий
CVE ID
Связанные уязвимости
CVSS3: 7.2
nvd
почти 6 лет назад
The Upload Visualization plugin in the Microstrategy Web 10.4 admin panel allows an administrator to upload a ZIP archive containing files with arbitrary extensions and data. (This is also exploitable via SSRF). Note: The ability to upload visualization plugins requires administrator privileges.
EPSS
Процентиль: 70%
0.00644
Низкий