VYPR

Web

by MicroStrategy

CVEs (2)

  • CVE-2020-11451HigApr 2, 2020
    risk 0.47cvss 7.2epss 0.03

    The Upload Visualization plugin in the Microstrategy Web 10.4 admin panel allows an administrator to upload a ZIP archive containing files with arbitrary extensions and data. (This is also exploitable via SSRF). Note: The ability to upload visualization plugins requires…

  • CVE-2020-11452MedApr 2, 2020
    risk 0.28cvss 4.3epss 0.01

    Microstrategy Web 10.4 includes functionality to allow users to import files or data from external resources such as URLs or databases. By providing an external URL under attacker control, it's possible to send requests to external resources (aka SSRF) or leak files from the…