CVE-2020-11450 Scanner
Detects 'Information Disclosure' vulnerability in MicroStrategy Web affects v. 10.4.
Short Info
Level
High
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 sec
Time Interval
792 sec
Scan only one
Url
Toolbox
-
MicroStrategy Web is an analytics and business intelligence platform used for data analysis and reporting. It is a data-driven tool that helps businesses identify trends and opportunities in their data sets to make informed decisions. MicroStrategy Web is widely used in various industries, including healthcare, finance, retail, and manufacturing.
Recently, a vulnerability CVE-2020-11450 has been detected in MicroStrategy Web 10.4. This vulnerability exposes the users' environment and information by making the JVM configuration, CPU architecture, installation folder, and other information visible to the attacker through the URL /MicroStrategyWS/happyaxis.jsp. This information can be used to exploit the system and gain unauthorized access to sensitive data.
Exploitation of this vulnerability in MicroStrategy Web can lead to a serious data breach, exposing the organization's proprietary information and confidential data to the attacker. Hackers can potentially steal sensitive data and use it for malicious purposes like identity theft, extortion, and ransom demands. They can also use the extracted information to launch cyber attacks, causing financial loss, reputational damage, and legal consequences for organizations.
In conclusion, MicroStrategy Web 10.4 users should be aware of the CVE-2020-11450 vulnerability and take necessary precautions to protect their data and systems. For those concerned about vulnerabilities in their digital assets, s4e.io offers pro features that provide quick and easy access to vital security information. Stay vigilant, stay secure!
REFERENCES
- https://community.microstrategy.com/s/article/Web-Services-Security-Vulnerability
- https://www.redtimmy.com/web-application-hacking/another-ssrf-another-rce-the-microstrategy-case/
- http://packetstormsecurity.com/files/157068/MicroStrategy-Intelligence-Server-And-Web-10.4-XSS-Disclosure-SSRF-Code-Execution.html
- seclists.org: 20200403 MicroStrategy Intelligence Server and Web 10.4 - multiple vulnerabilities