Known Vulnerabilities for products from Microstrategy
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Microstrategy".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-29596 json | MicroStrategy Enterprise Manager 2022 allows authentication bypass by triggering a login failure and then entering the Uid=/.... | 9.8 - CRITICAL | 2022-05-11 | 2022-05-20 |
| CVE-2020-24815 json | A Server-Side Request Forgery (SSRF) affecting the PDF generation in MicroStrategy 10.4, 2019 before Update 6, and 2020 befor... | Not Provided | 2020-11-24 | 2026-07-09 |
| CVE-2020-22987 json | Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers ... | Not Provided | 2022-05-12 | 2026-07-09 |
| CVE-2020-22986 json | Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers ... | Not Provided | 2022-05-12 | 2026-07-09 |
| CVE-2020-22985 json | Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers ... | Not Provided | 2022-05-12 | 2026-07-09 |
| CVE-2020-22984 json | Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers ... | Not Provided | 2022-05-12 | 2026-07-09 |
| CVE-2020-22983 json | A Server-Side Request Forgery (SSRF) vulnerability exists in MicroStrategy Web SDK 11.1 and earlier, allows remote unauthenti... | Not Provided | 2022-05-13 | 2026-07-09 |
| CVE-2020-11454 json | Microstrategy Web 10.4 is vulnerable to Stored XSS in the HTML Container and Insert Text features in the window, allowing for... | 5.4 - MEDIUM | 2020-04-02 | 2020-04-03 |
| CVE-2020-11453 json | ** DISPUTED ** Microstrategy Web 10.4 is vulnerable to Server-Side Request Forgery in the Test Web Service functionality expo... | 5.3 - MEDIUM | 2020-04-02 | 2023-11-07 |
| CVE-2020-11452 json | Microstrategy Web 10.4 includes functionality to allow users to import files or data from external resources such as URLs or ... | 4.3 - MEDIUM | 2020-04-02 | 2020-04-03 |
| CVE-2020-11451 json | The Upload Visualization plugin in the Microstrategy Web 10.4 admin panel allows an administrator to upload a ZIP archive con... | 7.2 - HIGH | 2020-04-02 | 2020-06-09 |
| CVE-2020-11450 json | Microstrategy Web 10.4 exposes the JVM configuration, CPU architecture, installation folder, and other information through th... | 7.5 - HIGH | 2020-04-02 | 2022-04-22 |
| CVE-2019-18957 json | Microstrategy Library in MicroStrategy before 2019 before 11.1.3 has reflected XSS. | 6.1 - MEDIUM | 2019-11-14 | 2019-11-15 |
| CVE-2019-12475 json | In MicroStrategy Web before 10.4.6, there is stored XSS in metric due to insufficient input validation. | 6.1 - MEDIUM | 2019-07-17 | 2019-08-05 |
| CVE-2019-12453 json | In MicroStrategy Web before 10.1 patch 10, stored XSS is possible in the FLTB parameter due to missing input validation. | 6.1 - MEDIUM | 2019-07-19 | 2019-08-05 |
| CVE-2018-18777 json | Directory traversal vulnerability in Microstrategy Web, version 7, in "/WebMstr7/servlet/mstrWeb" (in the parameter subpage) ... | 4.3 - MEDIUM | 2018-11-01 | 2018-12-12 |
| CVE-2018-18776 json | Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) ... | 6.1 - MEDIUM | 2018-11-01 | 2018-12-12 |
| CVE-2018-18775 json | Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) ... | 6.1 - MEDIUM | 2018-11-01 | 2018-12-12 |
| CVE-2018-18696 json | ** DISPUTED ** main.aspx in Microstrategy Analytics 10.4.0026.0049 and earlier has CSRF. NOTE: The vendor claims that documen... | 8.8 - HIGH | 2018-12-28 | 2023-11-07 |
| CVE-2018-6885 json | An issue was discovered in MicroStrategy Web Services (the Microsoft Office plugin) before 10.4 Hotfix 7, and before 10.11. T... | 9.8 - CRITICAL | 2019-05-14 | 2019-05-17 |
Known software with vulnerabilities from Microstrategy
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Microstrategy | Microstrategy | 10.4 |
| Application | Microstrategy | Microstrategy Library | 11.1.3 |
| Application | Microstrategy | Microstrategy Office | 9.2.200.63 |
| Application | Microstrategy | Microstrategy Web | 10.1 |
| Application | Microstrategy | Web | 10.1 |
| Application | Microstrategy | Web Services | 10.10 |