What is CVE-2020-11450?

CVE-2020-11450 is a vulnerability in N/a. Published 2020-04-02.

Is CVE-2020-11450 known to be exploited?

8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2020-11450

Microstrategy Web 10.4 exposes the JVM configuration, CPU architecture, installation folder, and other information through the URL /MicroStrategyWS/happyaxis.jsp. An attacker could use this vulnerability to learn more about the environment…

EPSS: 0.898 (99.6th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

community.microstrategy.com/s/article/Web-Services-Security-Vulnerability (x_refsource_MISC)
www.redtimmy.com/web-application-hacking/another-ssrf-another-rce-the-microstra… (x_refsource_MISC)
packetstormsecurity.com/files/157068/MicroStrategy-Intelligence-Server-And-Web-… (x_refsource_MISC)
20200403 MicroStrategy Intelligence Server and Web 10.4 - multiple vulnerabilities (mailing-list, x_refsource_FULLDISC)

Frequently asked questions

What is CVE-2020-11450?: CVE-2020-11450 is a vulnerability in N/a. Published 2020-04-02.
Is CVE-2020-11450 known to be exploited?: 8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.