Known Vulnerabilities for products from Microstrategy

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Microstrategy".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2022-29596 json MicroStrategy Enterprise Manager 2022 allows authentication bypass by triggering a login failure and then entering the Uid=/.... 9.8 - CRITICAL 2022-05-11 2022-05-20
CVE-2020-24815 json A Server-Side Request Forgery (SSRF) affecting the PDF generation in MicroStrategy 10.4, 2019 before Update 6, and 2020 befor... Not Provided 2020-11-24 2026-07-09
CVE-2020-22987 json Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers ... Not Provided 2022-05-12 2026-07-09
CVE-2020-22986 json Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers ... Not Provided 2022-05-12 2026-07-09
CVE-2020-22985 json Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers ... Not Provided 2022-05-12 2026-07-09
CVE-2020-22984 json Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers ... Not Provided 2022-05-12 2026-07-09
CVE-2020-22983 json A Server-Side Request Forgery (SSRF) vulnerability exists in MicroStrategy Web SDK 11.1 and earlier, allows remote unauthenti... Not Provided 2022-05-13 2026-07-09
CVE-2020-11454 json Microstrategy Web 10.4 is vulnerable to Stored XSS in the HTML Container and Insert Text features in the window, allowing for... 5.4 - MEDIUM 2020-04-02 2020-04-03
CVE-2020-11453 json ** DISPUTED ** Microstrategy Web 10.4 is vulnerable to Server-Side Request Forgery in the Test Web Service functionality expo... 5.3 - MEDIUM 2020-04-02 2023-11-07
CVE-2020-11452 json Microstrategy Web 10.4 includes functionality to allow users to import files or data from external resources such as URLs or ... 4.3 - MEDIUM 2020-04-02 2020-04-03
CVE-2020-11451 json The Upload Visualization plugin in the Microstrategy Web 10.4 admin panel allows an administrator to upload a ZIP archive con... 7.2 - HIGH 2020-04-02 2020-06-09
CVE-2020-11450 json Microstrategy Web 10.4 exposes the JVM configuration, CPU architecture, installation folder, and other information through th... 7.5 - HIGH 2020-04-02 2022-04-22
CVE-2019-18957 json Microstrategy Library in MicroStrategy before 2019 before 11.1.3 has reflected XSS. 6.1 - MEDIUM 2019-11-14 2019-11-15
CVE-2019-12475 json In MicroStrategy Web before 10.4.6, there is stored XSS in metric due to insufficient input validation. 6.1 - MEDIUM 2019-07-17 2019-08-05
CVE-2019-12453 json In MicroStrategy Web before 10.1 patch 10, stored XSS is possible in the FLTB parameter due to missing input validation. 6.1 - MEDIUM 2019-07-19 2019-08-05
CVE-2018-18777 json Directory traversal vulnerability in Microstrategy Web, version 7, in "/WebMstr7/servlet/mstrWeb" (in the parameter subpage) ... 4.3 - MEDIUM 2018-11-01 2018-12-12
CVE-2018-18776 json Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) ... 6.1 - MEDIUM 2018-11-01 2018-12-12
CVE-2018-18775 json Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) ... 6.1 - MEDIUM 2018-11-01 2018-12-12
CVE-2018-18696 json ** DISPUTED ** main.aspx in Microstrategy Analytics 10.4.0026.0049 and earlier has CSRF. NOTE: The vendor claims that documen... 8.8 - HIGH 2018-12-28 2023-11-07
CVE-2018-6885 json An issue was discovered in MicroStrategy Web Services (the Microsoft Office plugin) before 10.4 Hotfix 7, and before 10.11. T... 9.8 - CRITICAL 2019-05-14 2019-05-17

Known software with vulnerabilities from Microstrategy

Type Vendor Product Version
ApplicationMicrostrategyMicrostrategy10.4
ApplicationMicrostrategyMicrostrategy Library11.1.3
ApplicationMicrostrategyMicrostrategy Office9.2.200.63
ApplicationMicrostrategyMicrostrategy Web10.1
ApplicationMicrostrategyWeb10.1
ApplicationMicrostrategyWeb Services10.10

© CVE.report 2026

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report