CVE-2020-11450

nvd nist nuclei

Published: Apr 2, 2020Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Microstrategy Web 10.4 exposes the JVM configuration, CPU architecture, installation folder, and other information through the URL /MicroStrategyWS/happyaxis.jsp. An attacker could use this vulnerability to learn more about the environment the application is running in. This issue has been mitigated in all versions of the product 11.0 and higher.

Affected (1)

Products: Microstrategy: Microstrategy Web

1 product

Microstrategy Web

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Microstrategy Microstrategy Web	Before 11.0

References (8)

http://packetstormsecurity.com/files/157068/MicroStrategy-Intelligence-Server-And-Web-10.4-XSS-Disclosure-SSRF-Code-Execution.html

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2020/Apr/1

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://community.microstrategy.com/s/article/Web-Services-Security-Vulnerability

Source: cve@mitre.org

PatchVendor Advisory

https://www.redtimmy.com/web-application-hacking/another-ssrf-another-rce-the-microstrategy-case/

Source: cve@mitre.org

ExploitThird Party Advisory

http://packetstormsecurity.com/files/157068/MicroStrategy-Intelligence-Server-And-Web-10.4-XSS-Disclosure-SSRF-Code-Execution.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2020/Apr/1

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://community.microstrategy.com/s/article/Web-Services-Security-Vulnerability

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://www.redtimmy.com/web-application-hacking/another-ssrf-another-rce-the-microstrategy-case/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.