http://packetstormsecurity.com/files/157068/MicroStrategy-Intelligence-Server-And-Web-10.4-XSS-Disclosure-SSRF-Code-Execution.html

http://seclists.org/fulldisclosure/2020/Apr/1

https://community.microstrategy.com/s/article/Web-Services-Security-Vulnerability

https://www.redtimmy.com/web-application-hacking/another-ssrf-another-rce-the-microstrategy-case/

MITRE disputed

** DISPUTED ** Microstrategy Web 10.4 is vulnerable to Server-Side Request Forgery in the Test Web Service functionality exposed through the path /MicroStrategyWS/. The functionality requires no authentication and, while it is not possible to pass parameters in the SSRF request, it is still possible to exploit it to conduct port scanning. An attacker could exploit this vulnerability to enumerate the resources allocated in the network (IP addresses and services exposed). NOTE: MicroStrategy is un

Microstrategy Web 10.4 is vulnerable to Server-Side Request Forgery in the Test Web Service functionality exposed through the path /MicroStrategyWS/. The functionality requires no authentication and, while it is not possible to pass parameters in the SSRF request, it is still possible to exploit it to conduct port scanning. An attacker could exploit this vulnerability to enumerate the resources allocated in the network (IP addresses and services exposed). NOTE: MicroStrategy is unable to reprodu

Microstrategy Web 10.4 is vulnerable to Server-Side Request Forgery in the Test Web Service functionality exposed through the path /MicroStrategyWS/. The functionality requires no authentication and, while it is not possible to pass parameters in the SSRF request, it is still possible to exploit it to conduct port scanning. An attacker could exploit this vulnerability to enumerate the resources allocated in the network (IP addresses and services exposed).

** DISPUTED ** Microstrategy Web 10.4 is vulnerable to Server-Side Request Forgery in the Test Web Service functionality exposed through the path /MicroStrategyWS/. The functionality requires no authentication and, while it is not possible to pass parameters in the SSRF request, it is still possible to exploit it to conduct port scanning. An attacker could exploit this vulnerability to enumerate the resources allocated in the network (IP addresses and services exposed). NOTE: MicroStrategy is un

http://seclists.org/fulldisclosure/2020/Apr/1 [No Types Assigned]

NIST AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

NIST (AV:N/AC:L/Au:N/C:P/I:N/A:N)

NIST CWE-918

OR
     *cpe:2.3:a:microstrategy:microstrategy_web:10.4:*:*:*:*:*:*:*

http://packetstormsecurity.com/files/157068/MicroStrategy-Intelligence-Server-And-Web-10.4-XSS-Disclosure-SSRF-Code-Execution.html No Types Assigned

http://packetstormsecurity.com/files/157068/MicroStrategy-Intelligence-Server-And-Web-10.4-XSS-Disclosure-SSRF-Code-Execution.html Exploit, Third Party Advisory, VDB Entry

https://community.microstrategy.com/s/article/Web-Services-Security-Vulnerability No Types Assigned

https://community.microstrategy.com/s/article/Web-Services-Security-Vulnerability Patch, Vendor Advisory

https://www.redtimmy.com/web-application-hacking/another-ssrf-another-rce-the-microstrategy-case/ No Types Assigned

https://www.redtimmy.com/web-application-hacking/another-ssrf-another-rce-the-microstrategy-case/ Exploit, Third Party Advisory

http://packetstormsecurity.com/files/157068/MicroStrategy-Intelligence-Server-And-Web-10.4-XSS-Disclosure-SSRF-Code-Execution.html [No Types Assigned]