Lucene search
PRIOn knowledge basePRION:CVE-2020-11450HistoryApr 02, 2020 - 3:15 p.m.
Design/Logic Flaw
2020-04-0215:15:00
PRIOn knowledge base
www.prio-n.com
5
Microstrategy Web 10.4 exposes the JVM configuration, CPU architecture, installation folder, and other information through the URL /MicroStrategyWS/happyaxis.jsp. An attacker could use this vulnerability to learn more about the environment the application is running in. This issue has been mitigated in all versions of the product 11.0 and higher.
| CPE | Name | Operator | Version |
|---|---|---|---|
| microstrategy_web | lt | 11.0 |
References
packetstormsecurity.com/files/157068/MicroStrategy-Intelligence-Server-And-Web-10.4-XSS-Disclosure-SSRF-Code-Execution.html
seclists.org/fulldisclosure/2020/Apr/1
community.microstrategy.com/s/article/Web-Services-Security-Vulnerability
www.redtimmy.com/web-application-hacking/another-ssrf-another-rce-the-microstrategy-case/
Related
cve
cve
CVE-2020-11450
2020-04-02 15:15:17
nuclei
nuclei
MicroStrategy Web 10.4 - Information Disclosure
2022-10-07 03:51:24
nvd
nvd
CVE-2020-11450
2020-04-02 15:15:17
cvelist
cvelist
CVE-2020-11450
2020-04-02 15:01:45
openvas
openvas
Apache Axis Detection (HTTP)
2016-04-06 00:00:00
Apache Axis2 Detection (HTTP)
2010-09-20 00:00:00
Directory Scanner
2005-11-03 00:00:00
zdt
zdt
packetstorm
packetstorm