CVE-2020-11453

Name of the Vulnerable Software and Affected Versions Microstrategy Web version 10.4

Description The issue affects the Test Web Service functionality, exposed through the /MicroStrategyWS/ path, which requires no authentication. Although it is not possible to pass parameters in the SSRF request, an attacker could still exploit it to conduct port scanning and enumerate the resources allocated in the network, including IP addresses and services exposed.

Recommendations For Microstrategy Web version 10.4, as a temporary workaround, consider restricting access to the /MicroStrategyWS/ path until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.