Vulnerability Description
Microstrategy Web 10.4 exposes the JVM configuration, CPU architecture, installation folder, and other information through the URL /MicroStrategyWS/happyaxis.jsp. An attacker could use this vulnerability to learn more about the environment the application is running in. This issue has been mitigated in all versions of the product 11.0 and higher.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microstrategy | Microstrategy Web | < 11.0 |
References
- http://packetstormsecurity.com/files/157068/MicroStrategy-Intelligence-Server-AnExploitThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2020/Apr/1Mailing ListThird Party Advisory
- https://community.microstrategy.com/s/article/Web-Services-Security-VulnerabilitPatchVendor Advisory
- https://www.redtimmy.com/web-application-hacking/another-ssrf-another-rce-the-miExploitThird Party Advisory
- http://packetstormsecurity.com/files/157068/MicroStrategy-Intelligence-Server-AnExploitThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2020/Apr/1Mailing ListThird Party Advisory
- https://community.microstrategy.com/s/article/Web-Services-Security-VulnerabilitPatchVendor Advisory
- https://www.redtimmy.com/web-application-hacking/another-ssrf-another-rce-the-miExploitThird Party Advisory
FAQ
What is CVE-2020-11450?
CVE-2020-11450 is a vulnerability with a CVSS score of 7.5 (HIGH). Microstrategy Web 10.4 exposes the JVM configuration, CPU architecture, installation folder, and other information through the URL /MicroStrategyWS/happyaxis.jsp. An attacker could use this vulnerabil...
How severe is CVE-2020-11450?
CVE-2020-11450 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-11450?
Check the references section above for vendor advisories and patch information. Affected products include: Microstrategy Microstrategy Web.