This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Microstrategy First view 2019-05-14
Product Web Services Last view 2019-05-14
Version 10.4 Type Application
Update hotfix_5  
Edition *  
Language *  
Sofware Edition *  
Target Software office  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:microstrategy:web_services

Activity : Overall

Related : CVE

  Date Alert Description
9.8 2019-05-14 CVE-2018-6885

An issue was discovered in MicroStrategy Web Services (the Microsoft Office plugin) before 10.4 Hotfix 7, and before 10.11. The vulnerability is unauthenticated and leads to access to the asset files with the MicroStrategy user privileges. (This includes the credentials to access the admin dashboard which may lead to RCE.) The path traversal is located in a SOAP request in the web service component.

CWE : Common Weakness Enumeration

%idName
100% (1) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...