CVE-2022-29596
CRITICALMicrostrategy Enterprise Manager - Path Traversal
Title source: ruleDescription
MicroStrategy Enterprise Manager 2022 allows authentication bypass by triggering a login failure and then entering the Uid=/../../../../../../../../../../../windows/win.ini%00.jpg&Pwd=_any_password_&ConnMode=1&3054=Login substring for directory traversal.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/haxpunk1337/Microstrategy-Poc/blob/main/poc
Scores
CVSS v3
9.8
EPSS
0.0127
EPSS Percentile
79.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-22
Status
published
Products (1)
microstrategy/enterprise_manager
2022
Published
May 11, 2022
Tracked Since
Feb 18, 2026