Vulnerability Description
A Server-Side Request Forgery (SSRF) vulnerability exists in MicroStrategy Web SDK 11.1 and earlier that allows remote unauthenticated attackers to conduct an SSRF attack via the srcURL parameter to the shortURL task.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microstrategy | Microstrategy Web | <= 11.1 |
Related Weaknesses (CWE)
References
- http://microstrategy.com (Vendor Advisory)
- http://www.yourcompany.com:8080/MicroStrategy/servlet/taskProc (Broken Link)
- https://medium.com/%40win3zz/how-i-made-31500-by-submitting-a-bug-to-facebook-d3
- https://tinyurl.com/ (Third Party Advisory)
- https://www.microstrategy.com/us/report-a-security-vulnerability (Vendor Advisory)
FAQ
What is CVE-2020-22983?
CVE-2020-22983 is a vulnerability with a CVSS score of 8.1 (HIGH). A Server-Side Request Forgery (SSRF) vulnerability exists in MicroStrategy Web SDK 11.1 and earlier that allows remote unauthenticated attackers to conduct a server-side request forgery (SSRF) attack via ...
How severe is CVE-2020-22983?
CVE-2020-22983 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2020-22983?
Check the references section above for vendor advisories and patch information. Affected products include: Microstrategy Microstrategy Web.