admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-06-09 21:01:51 +00:00
parent 648e6a93c7
commit 368f0e8fb0
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
9 changed files with 38 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
2020/11xxx/CVE-2020-11450.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Microstrategy Web 10.4 exposes the JVM configuration, CPU architecture, installation folder, and other information through the URL /MicroStrategyWS/happyaxis.jsp. An attacker could use this vulnerability to learn more about the environment the application is running in."
"value": "Microstrategy Web 10.4 exposes the JVM configuration, CPU architecture, installation folder, and other information through the URL /MicroStrategyWS/happyaxis.jsp. An attacker could use this vulnerability to learn more about the environment the application is running in. This issue has been mitigated in all versions of the product 11.0 and higher."
}
]
},

2
2020/11xxx/CVE-2020-11451.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "The Upload Visualization plugin in the Microstrategy Web 10.4 admin panel allows an administrator to upload a ZIP archive containing files with arbitrary extensions and data. (This is also exploitable via SSRF.)"
"value": "The Upload Visualization plugin in the Microstrategy Web 10.4 admin panel allows an administrator to upload a ZIP archive containing files with arbitrary extensions and data. (This is also exploitable via SSRF). Note: The ability to upload visualization plugins requires administrator privileges."
}
]
},

2
2020/11xxx/CVE-2020-11453.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Microstrategy Web 10.4 is vulnerable to Server-Side Request Forgery in the Test Web Service functionality exposed through the path /MicroStrategyWS/. The functionality requires no authentication and, while it is not possible to pass parameters in the SSRF request, it is still possible to exploit it to conduct port scanning. An attacker could exploit this vulnerability to enumerate the resources allocated in the network (IP addresses and services exposed)."
"value": "** DISPUTED ** Microstrategy Web 10.4 is vulnerable to Server-Side Request Forgery in the Test Web Service functionality exposed through the path /MicroStrategyWS/. The functionality requires no authentication and, while it is not possible to pass parameters in the SSRF request, it is still possible to exploit it to conduct port scanning. An attacker could exploit this vulnerability to enumerate the resources allocated in the network (IP addresses and services exposed). NOTE: MicroStrategy is unable to reproduce the issue reported in any version of its product."
}
]
},

5
2020/1xxx/CVE-2020-1181.json
View File

@ -79,6 +79,11 @@
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1181",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1181"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-694/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-694/"
}
]
}

5
2020/1xxx/CVE-2020-1207.json
View File

@ -285,6 +285,11 @@
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1207",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1207"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-692/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-692/"
}
]
}

5
2020/1xxx/CVE-2020-1219.json
View File

@ -469,6 +469,11 @@
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1219",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1219"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-698/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-698/"
}
]
}

5
2020/1xxx/CVE-2020-1232.json
View File

@ -228,6 +228,11 @@
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1232",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1232"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-693/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-693/"
}
]
}

10
2020/1xxx/CVE-2020-1238.json
View File

@ -206,6 +206,16 @@
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1238",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1238"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-696/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-696/"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-695/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-695/"
}
]
}

5
2020/1xxx/CVE-2020-1239.json
View File

@ -285,6 +285,11 @@
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1239",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1239"
},
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-697/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-697/"
}
]
}