PT-2019-11033 · Microstrategy · Microstrategy Web Services

Published: 2019-05-14 · Updated: 2019-05-17 · CVE-2018-6885

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions:
- MicroStrategy Web Services versions prior to 10.4 Hotfix 7
- MicroStrategy Web Services versions prior to 10.11

Description: The issue allows unauthenticated access to asset files with MicroStrategy user privileges. This can expose the admin dashboard credentials, which may in turn result in remote code execution (RCE). The vulnerability is a path traversal in a SOAP request handled by the web service component.

Recommendations: For versions prior to 10.4 Hotfix 7, update to version 10.4 Hotfix 7 or later. For versions prior to 10.11, update to version 10.11 or later.

Fix

Path traversal

Weakness Enumeration

Related identifiers

CVE-2018-6885

Affected products

Microstrategy Web Services