Medium severity5.3NVD Advisory· Published Apr 2, 2020· Updated Jun 17, 2026
CVE-2020-11453
CVE-2020-11453
Description
Microstrategy Web 10.4 is vulnerable to Server-Side Request Forgery in the Test Web Service functionality exposed through the path /MicroStrategyWS/. The functionality requires no authentication and, while it is not possible to pass parameters in the SSRF request, it is still possible to exploit it to conduct port scanning. An attacker could exploit this vulnerability to enumerate the resources allocated in the network (IP addresses and services exposed). NOTE: MicroStrategy is unable to reproduce the issue reported in any version of its product
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Microstrategy/Webdescription
- Range: 10.4
Patches
Vulnerability mechanics
References
4- community.microstrategy.com/s/article/Web-Services-Security-VulnerabilitynvdPatchVendor Advisory
- packetstormsecurity.com/files/157068/MicroStrategy-Intelligence-Server-And-Web-10.4-XSS-Disclosure-SSRF-Code-Execution.htmlnvdExploitThird Party AdvisoryVDB Entry
- www.redtimmy.com/web-application-hacking/another-ssrf-another-rce-the-microstrategy-case/nvdExploitThird Party Advisory
- seclists.org/fulldisclosure/2020/Apr/1nvd
News mentions
0No linked articles in our index yet.