CVE Tools

microstrategy

Enterprise SoftwareUScommercial

6

Cumulative CVEs

1

Monthly snapshots

#96

Peak rank

Top products

microstrategy web sdk4 microstrategy web1 enterprise manager1

Latest CVEs

The 15 most recently published vulnerabilities affecting microstrategy.

CVE-2020-22983A Server-Side Request Forgery (SSRF) vulnerability exists in MicroStrategy Web SDK 11.1 and earlier, allows remote unauthenticated attackers to conduct a server-side request forgery (SSRF) attack v...8.1May 13, 2022
CVE-2020-22985Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the key parameter to the getESRIExtraConfi...6.1May 12, 2022
CVE-2020-22986Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the searchString parameter to the wikiScra...6.1May 12, 2022
CVE-2020-22987Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the fileToUpload parameter to the uploadFi...6.1May 12, 2022
CVE-2020-22984Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via key parameter to the getGoogleExtraConfig ...6.1May 12, 2022
CVE-2022-29596MicroStrategy Enterprise Manager 2022 allows authentication bypass by triggering a login failure and then entering the Uid=/../../../../../../../../../../../windows/win.ini%00.jpg&Pwd=_any_password...9.8May 11, 2022
CVE-2020-24815A Server-Side Request Forgery (SSRF) affecting the PDF generation in MicroStrategy 10.4, 2019 before Update 6, and 2020 before Update 2 allows authenticated users to access the content of internal ...6.5Nov 24, 2020
CVE-2020-11453Microstrategy Web 10.4 is vulnerable to Server-Side Request Forgery in the Test Web Service functionality exposed through the path /MicroStrategyWS/. The functionality requires no authentication an...5.3Apr 2, 2020
CVE-2020-11452Microstrategy Web 10.4 includes functionality to allow users to import files or data from external resources such as URLs or databases. By providing an external URL under attacker control, it's pos...4.3Apr 2, 2020
CVE-2020-11450Microstrategy Web 10.4 exposes the JVM configuration, CPU architecture, installation folder, and other information through the URL /MicroStrategyWS/happyaxis.jsp. An attacker could use this vulnera...7.5Apr 2, 2020
CVE-2020-11451The Upload Visualization plugin in the Microstrategy Web 10.4 admin panel allows an administrator to upload a ZIP archive containing files with arbitrary extensions and data. (This is also exploita...7.2Apr 2, 2020
CVE-2020-11454Microstrategy Web 10.4 is vulnerable to Stored XSS in the HTML Container and Insert Text features in the window, allowing for the creation of a new dashboard. In order to exploit this vulnerability...5.4Apr 2, 2020
CVE-2019-18957Microstrategy Library in MicroStrategy before 2019 before 11.1.3 has reflected XSS.6.1Nov 14, 2019
CVE-2019-12453In MicroStrategy Web before 10.1 patch 10, stored XSS is possible in the FLTB parameter due to missing input validation.6.1Jul 19, 2019
CVE-2019-12475In MicroStrategy Web before 10.4.6, there is stored XSS in metric due to insufficient input validation.6.1Jul 17, 2019