Dundas · Dundas BI · CVE-2018-18569
**Name of the Vulnerable Software and Affected Versions**
Dundas BI server versions prior to 5.0.1.1010
**Description**
The issue allows an attacker to perform a Server-Side Request Forgery (SSRF) attack: the server can be made to issue arbitrary requests on the attacker's behalf. This is achieved via the `viewUrl` parameter of the "export the dashboard as an image" feature. The attack could be used to turn the server into a proxy for attacking other servers, either internal or external, or to conduct network scans of external or internal networks.
**Recommendations**
For versions prior to 5.0.1.1010, update to version 5.0.1.1010 or later to resolve the issue. As a temporary workaround, consider restricting access to the "export the dashboard as an image" feature or disabling the use of the `viewUrl` parameter until a patch is applied.
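One way to enforce the workaround at a reverse proxy, or to triage existing request logs for abuse of `viewUrl`, is sketched below as an added example; it is not Dundas code. It assumes legitimate `viewUrl` values only ever point at the BI server's own origin; the host `bi.example.internal`, the `/export/image` path and the log line format are constructed placeholders.

```python
import ipaddress
from urllib.parse import parse_qs, urlsplit

# Assumption: legitimate exports only reference the BI server's own origin.
ALLOWED_ORIGINS = {("https", "bi.example.internal", 443)}  # placeholder host

def check_view_url(value):
    """Return None if the viewUrl value is acceptable, else a reason string."""
    try:
        parts = urlsplit(value.strip())
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return "unparseable URL"
    scheme = parts.scheme.lower()
    if scheme not in ("http", "https"):
        return "scheme not http/https"
    if parts.username is not None or parts.password is not None:
        return "userinfo in authority"
    host = (parts.hostname or "").rstrip(".")
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None  # not an IP literal, compared as a hostname below
    if ip is not None and (ip.is_private or ip.is_loopback or ip.is_link_local):
        return "internal address target"
    port = port or (443 if scheme == "https" else 80)
    if (scheme, host, port) not in ALLOWED_ORIGINS:
        return "origin not on allowlist"
    return None

def flag_requests(log_lines):
    """Return (line_no, viewUrl value, reason) for each rejected value."""
    findings = []
    for n, line in enumerate(log_lines, 1):
        target = line.split()[1]  # constructed format: METHOD TARGET STATUS
        params = parse_qs(urlsplit(target).query, keep_blank_values=True)
        for key, values in params.items():
            if key.lower() != "viewurl":  # match the name case-insensitively
                continue
            findings += [(n, v, r) for v in values if (r := check_view_url(v))]
    return findings

# Constructed sample lines; the /export/image path is a placeholder.
SAMPLE_LOG = [
    "GET /export/image?viewUrl=https%3A%2F%2Fbi.example.internal%2Fdashboard%2F1 200",
    "GET /export/image?viewUrl=http%3A%2F%2F10.0.0.5%3A8080%2F 200",
    "GET /export/image?viewUrl=https%3A%2F%2Fbi.example.internal%40other.example%2F 200",
    "GET /export/image?viewurl=http%3A%2F%2Fother.example%2F 200",
]
```

Calling `flag_requests(SAMPLE_LOG)` returns one finding for each of the last three lines and none for the first. The allowlist compares the parsed scheme, host and port rather than matching a string prefix, so a value that merely begins with the expected hostname is still rejected.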