PT-2020-15840 · Microstrategy · Microstrategy

Published 2020-11-24 · Updated 2020-12-02 · CVE-2020-24815

CVSS v3.1: 6.5 Medium

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: MicroStrategy versions 10.4, 2019 before Update 6, and 2020 before Update 2

Description: A Server-Side Request Forgery (SSRF) issue affects the PDF generation, allowing authenticated users to access internal network resources or leak local system files via HTML containers in a dossier/dashboard document.

Recommendations: For MicroStrategy version 10.4, as it will reach end-of-life and no fix will be released, consider upgrading to a newer version or alternative solution. For MicroStrategy 2019 before Update 6, update to Update 6 or later. For MicroStrategy 2020 before Update 2, update to Update 2 or later. As a temporary workaround, consider restricting access to the PDF generation feature or disabling the embedding of HTML containers in dossier/dashboard documents until a patch is available.

Exploit

Fix

SSRF

Weakness Enumeration

Related Identifiers: CVE-2020-24815

Affected Products: Microstrategy