Microstrategy Microstrategy Web — known CVE vulnerabilities
Every CVE whose affected-product data names Microstrategy Microstrategy Web, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (11)
CVE-2020-22983 — CVSS 8.1 (high): A Server-Side Request Forgery (SSRF) vulnerability exists in MicroStrategy Web SDK 11.1 and earlier, allows remote unauthenticated…
CVE-2020-11450 — CVSS 7.5 (high): Microstrategy Web 10.4 exposes the JVM configuration, CPU architecture, installation folder, and other information through the URL…
CVE-2020-11451 — CVSS 7.2 (high): The Upload Visualization plugin in the Microstrategy Web 10.4 admin panel allows an administrator to upload a ZIP archive containing files…
CVE-2019-12453 — CVSS 6.1 (medium): In MicroStrategy Web before 10.1 patch 10, stored XSS is possible in the FLTB parameter due to missing input validation.
CVE-2019-12475 — CVSS 6.1 (medium): In MicroStrategy Web before 10.4.6, there is stored XSS in metric due to insufficient input validation.
CVE-2018-18775 — CVSS 6.1 (medium): Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability…
CVE-2018-18776 — CVSS 6.1 (medium): Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability…
CVE-2020-11454 — CVSS 5.4 (medium): Microstrategy Web 10.4 is vulnerable to Stored XSS in the HTML Container and Insert Text features in the window, allowing for the creation…
CVE-2020-11453 — CVSS 5.3 (medium): Microstrategy Web 10.4 is vulnerable to Server-Side Request Forgery in the Test Web Service functionality exposed through the path…
CVE-2020-11452 — CVSS 4.3 (medium): Microstrategy Web 10.4 includes functionality to allow users to import files or data from external resources such as URLs or databases. By…
CVE-2018-18777 — CVSS 4.3 (medium): Directory traversal vulnerability in Microstrategy Web, version 7, in "/WebMstr7/servlet/mstrWeb" (in the parameter subpage) allows remote…