PT-2020-12618 · Microstrategy · Microstrategy Web

Published: 2020-04-02 · Updated: 2020-04-03 · CVE-2020-11452

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Microstrategy Web version 10.4

Description

The issue allows users to import files or data from external resources such as URLs or databases. By providing an external URL under attacker control, it's possible to send requests to external resources (also known as Server-Side Request Forgery or SSRF) or leak files from the local system using the file:// stream wrapper.

Recommendations

For Microstrategy Web version 10.4, consider restricting the import functionality to only trusted sources to minimize the risk of exploitation. As a temporary workaround, restrict access to external URLs and the file:// stream wrapper until a patch is available.
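
The restriction recommended above can be enforced as a check on every user-supplied import URL before the server fetches it. The following is an added example, not MicroStrategy code: the function names, the allowlisted host names and the sample address in the comments are assumptions constructed for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Assumed policy values (constructed for this example).
ALLOWED_SCHEMES = {"https"}
ALLOWED_HOSTS = {"data.example.com", "reports.example.com"}


def _resolve(host):
    """Default resolver: every address the host name currently maps to."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def _is_internal(addr):
    """True for loopback, private, link-local and other non-global addresses."""
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 zone id
    return not ip.is_global


def check_import_url(url, resolve=_resolve):
    """Return (allowed, reason) for a user-supplied import URL."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower().rstrip(".")
        parts.port  # property access raises ValueError on a malformed port
    except ValueError:
        return False, "malformed URL"
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"  # covers the file:// wrapper
    if parts.username is not None or parts.password is not None:
        return False, "userinfo not allowed"  # host hidden behind user@
    if host not in ALLOWED_HOSTS:
        return False, "host not in allowlist"
    try:
        addresses = resolve(host)
    except OSError:
        return False, "host does not resolve"
    # An allowlisted name must not point back into the internal network.
    if not addresses or any(_is_internal(a) for a in addresses):
        return False, "resolves to internal address"
    return True, "ok"
```

The fetch that follows should connect to the address that was validated and should not follow redirects without running the same check on each new location; otherwise a later DNS answer or a redirect bypasses the check.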

Exploit

Fix

SSRF


Weakness Enumeration

Related Identifiers

CVE-2020-11452

Affected Products

Microstrategy Web