
Vulnerability
A blind SSRF vulnerability arises when an application can be induced to send a back-end HTTP request to a specified URL, but the response from that back-end request is not returned in the application’s front-end response.

In the “com.microstrategy.web.app.utils.usher” class, I observed the “validateServerURL” function, which processes the “serverURL” parameter. The “validateServerURL” function will internally send a GET request to the provided URL.
Mitigation / Precaution
We suggest that you update MicroStrategy in order to fix this vulnerability.
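One way a service can vet a user-supplied server URL before any back-end request is made, as an added example (not MicroStrategy's code or its patch). The class name ServerUrlGuard, the allowlist entry usher.example.com and the sample addresses are assumptions constructed for illustration.

```java
import java.net.InetAddress;
import java.net.URI;
import java.net.UnknownHostException;
import java.util.Locale;
import java.util.Set;

// Added example: hypothetical guard, not code from the product discussed above.
public final class ServerUrlGuard {
    // Assumption: the deployment knows which hosts a server URL may legitimately name.
    private static final Set<String> ALLOWED_HOSTS = Set.of("usher.example.com");

    /** Returns the vetted addresses to connect to, or throws if the URL is refused. */
    public static InetAddress[] vet(String serverURL) throws UnknownHostException {
        URI uri = URI.create(serverURL.trim()); // IllegalArgumentException if malformed
        String scheme = uri.getScheme();
        String host = uri.getHost();
        if (scheme == null || !scheme.equalsIgnoreCase("https"))
            throw new IllegalArgumentException("only https is accepted");
        if (host == null || uri.getUserInfo() != null)
            throw new IllegalArgumentException("missing host or embedded credentials");
        if (!ALLOWED_HOSTS.contains(host.toLowerCase(Locale.ROOT)))
            throw new IllegalArgumentException("host not on allowlist: " + host);
        InetAddress[] addrs = InetAddress.getAllByName(host);
        for (InetAddress a : addrs)
            if (isInternal(a))
                throw new IllegalArgumentException("resolves to internal address: " + a);
        return addrs; // connect to these; re-resolving the name allows DNS rebinding
    }

    /** True for loopback, wildcard, link-local, private, multicast, ULA and CGNAT ranges. */
    static boolean isInternal(InetAddress a) {
        byte[] b = a.getAddress();
        boolean uniqueLocalV6 = b.length == 16 && (b[0] & 0xfe) == 0xfc;  // fc00::/7
        boolean cgnat = b.length == 4 && (b[0] & 0xff) == 100
                && (b[1] & 0xc0) == 0x40;                                 // 100.64.0.0/10
        return a.isLoopbackAddress() || a.isAnyLocalAddress() || a.isLinkLocalAddress()
                || a.isSiteLocalAddress() || a.isMulticastAddress() || uniqueLocalV6 || cgnat;
    }

    public static void main(String[] args) throws Exception {
        // Constructed inputs; literal IPs are parsed without a DNS lookup.
        String[] samples = {"169.254.169.254", "127.0.0.1", "10.1.2.3", "fd00::1", "93.184.216.34"};
        for (String s : samples)
            System.out.println(s + " internal=" + isInternal(InetAddress.getByName(s)));
        try { vet("http://usher.example.com/"); }          // refused before any lookup
        catch (IllegalArgumentException e) { System.out.println("refused: " + e.getMessage()); }
    }
}
```

Because the flaw is blind, the response body gives no signal either way, so the check has to run before the request is sent, and egress filtering on the application server remains a useful second layer.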





