14 Mai 2019
Vulnérabilité CVE-2018-6885 CVE Vulnerability
An issue was discovered in MicroStrategy Web Services (the Microsoft Office plugin) before 10.4 Hotfix 7, and before 10.11. The vulnerability is unauthenticated and leads to access to the asset files with the MicroStrategy user privileges. (This includes the credentials to access the admin dashboard which may lead to RCE.) The path traversal is located in a SOAP request in the web service component. (CVSS:5.0) (Last Update:2019-05-17)
Vulnerability Details : An issue was discovered in MicroStrategy Web Services (the Microsoft Office plugin) before 10.4 Hotfix 7, and before 10.11. The vulnerability is unauthenticated and leads to access to the asset files with the MicroStrategy user privileges. (This includes the credentials to access the admin dashboard which may lead to RCE.) The path traversal is located in a SOAP request in the web service component. Publish Date : 2019-05-14 Last Update Date : 2019-05-17 - CVSS Scores & Vulnerability Types
- Products Affected By CVE-2018-6885
- Number Of Affected Versions By Product
- References For CVE-2018-6885
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
- Metasploit Modules Related To CVE-2018-6885There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information) |