VYPR

Yellowfin

by Yellowfin

CVEs (4)

  • CVE-2020-19586CriSep 14, 2022
    risk 0.59cvss 9.0epss 0.01

    Incorrect Access Control issue in Yellowfin Business Intelligence 7.3 allows remote attackers to escalate privilege via MIAdminStyles.i4 Admin UI.

  • CVE-2021-36389HigOct 14, 2021
    risk 0.49cvss 7.5epss 0.03

    In Yellowfin before 9.6.1 it is possible to enumerate and download uploaded images through an Insecure Direct Object Reference vulnerability exploitable by sending a specially crafted HTTP GET request to the page "MIImage.i4".

  • CVE-2021-36388HigOct 14, 2021
    risk 0.49cvss 7.5epss 0.03

    In Yellowfin before 9.6.1 it is possible to enumerate and download users profile pictures through an Insecure Direct Object Reference vulnerability exploitable by sending a specially crafted HTTP GET request to the page "MIIAvatarImage.i4".

  • CVE-2021-36387MedOct 14, 2021
    risk 0.35cvss 5.4epss 0.01

    In Yellowfin before 9.6.1 there is a Stored Cross-Site Scripting vulnerability in the video embed functionality exploitable through a specially crafted HTTP POST request to the page "ActivityStreamAjax.i4".