CVE-2020-11452

Microstrategy Web 10.4 includes functionality to allow users to import files or data from external resources such as URLs or databases. By providing an external URL under attacker control, it's possible to send requests to external resources (aka SSRF) or leak files from the local system using the file:// stream wrapper.

CVSS v3 4.3 MEDIUM
CVSS v2.0 4.0 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://packetstormsecurity.com/files/157068/MicroStrategy-Intelligence-Server-And-Web-10.4-XSS-Disclosure-SSRF-Code-Execution.html	Exploit Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2020/Apr/1
https://community.microstrategy.com/s/article/Web-Services-Security-Vulnerability	Patch Vendor Advisory
https://www.redtimmy.com/web-application-hacking/another-ssrf-another-rce-the-microstrategy-case/	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:microstrategy:microstrategy_web:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-04-02 16:15

Updated : 2023-12-10 13:27

NVD link : CVE-2020-11452

Mitre link : CVE-2020-11452

CVE.ORG link : CVE-2020-11452

JSON object : View

Products Affected

microstrategy

microstrategy_web

CWE

CWE-918

Server-Side Request Forgery (SSRF)

{"id": "CVE-2020-11452", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2020-04-02T16:15:14.637", "references": [{"url": "http://packetstormsecurity.com/files/157068/MicroStrategy-Intelligence-Server-And-Web-10.4-XSS-Disclosure-SSRF-Code-Execution.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://seclists.org/fulldisclosure/2020/Apr/1", "source": "cve@mitre.org"}, {"url": "https://community.microstrategy.com/s/article/Web-Services-Security-Vulnerability", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.redtimmy.com/web-application-hacking/another-ssrf-another-rce-the-microstrategy-case/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "Microstrategy Web 10.4 includes functionality to allow users to import files or data from external resources such as URLs or databases. By providing an external URL under attacker control, it's possible to send requests to external resources (aka SSRF) or leak files from the local system using the file:// stream wrapper."}, {"lang": "es", "value": "Microstrategy Web versi\u00f3n 10.4, incluye una funcionalidad que permite a usuarios importar archivos o datos desde recursos externos como una URL o bases de datos. Al proporcionar una URL externa bajo el control del atacante, es posible enviar peticiones hacia recursos externos (tambi\u00e9n se conoce como SSRF) o filtrar archivos desde el sistema local usando el empaquetado de trasmisi\u00f3n de datos de file://."}], "lastModified": "2020-04-03T19:15:12.907", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microstrategy:microstrategy_web:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "03C1B094-9EE1-4B5E-AD97-22284DE98792", "versionEndIncluding": "10.4"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}