Medium severity4.3NVD Advisory· Published Apr 2, 2020· Updated Jun 17, 2026
CVE-2020-11452
CVE-2020-11452
Description
Microstrategy Web 10.4 includes functionality to allow users to import files or data from external resources such as URLs or databases. By providing an external URL under attacker control, it's possible to send requests to external resources (aka SSRF) or leak files from the local system using the file:// stream wrapper.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Microstrategy/Webdescription
- Range: 10.4
Patches
Vulnerability mechanics
References
4- community.microstrategy.com/s/article/Web-Services-Security-VulnerabilitynvdPatchVendor Advisory
- packetstormsecurity.com/files/157068/MicroStrategy-Intelligence-Server-And-Web-10.4-XSS-Disclosure-SSRF-Code-Execution.htmlnvdExploitThird Party AdvisoryVDB Entry
- www.redtimmy.com/web-application-hacking/another-ssrf-another-rce-the-microstrategy-case/nvdExploitThird Party Advisory
- seclists.org/fulldisclosure/2020/Apr/1nvd
News mentions
0No linked articles in our index yet.