CVE-2020-24815

Severity CVSS v4.0:
Pending analysis
Type:
CWE-918 Server-Side Request Forgery (SSRF)
Publication date:
24/11/2020
Last modified:
02/12/2020

Description

A Server-Side Request Forgery (SSRF) affecting the PDF generation in MicroStrategy 10.4, 2019 before Update 6, and 2020 before Update 2 allows authenticated users to access the content of internal network resources or leak files from the local system via HTML containers embedded in a dossier/dashboard document. NOTE: 10.4., no fix will be released as version will reach end-of-life on 31/12/2020.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:microstrategy:microstrategy:10.4:*:*:*:*:*:*:*
cpe:2.3:a:microstrategy:microstrategy:2019:update1:*:*:*:*:*:*
cpe:2.3:a:microstrategy:microstrategy:2019:update2:*:*:*:*:*:*
cpe:2.3:a:microstrategy:microstrategy:2019:update3:*:*:*:*:*:*
cpe:2.3:a:microstrategy:microstrategy:2019:update4:*:*:*:*:*:*
cpe:2.3:a:microstrategy:microstrategy:2019:update5:*:*:*:*:*:*
cpe:2.3:a:microstrategy:microstrategy:2020:update1:*:*:*:*:*:*