VYPR
Vendor

Yellowfin

Products
3
CVEs
6
Across products
6
Status
Private

Products

3

Recent CVEs

6
  • CVE-2020-19586CriSep 14, 2022
    risk 0.59cvss 9.0epss 0.01

    Incorrect Access Control issue in Yellowfin Business Intelligence 7.3 allows remote attackers to escalate privilege via MIAdminStyles.i4 Admin UI.

  • CVE-2021-36389HigOct 14, 2021
    risk 0.49cvss 7.5epss 0.03

    In Yellowfin before 9.6.1 it is possible to enumerate and download uploaded images through an Insecure Direct Object Reference vulnerability exploitable by sending a specially crafted HTTP GET request to the page "MIImage.i4".

  • CVE-2021-36388HigOct 14, 2021
    risk 0.49cvss 7.5epss 0.03

    In Yellowfin before 9.6.1 it is possible to enumerate and download users profile pictures through an Insecure Direct Object Reference vulnerability exploitable by sending a specially crafted HTTP GET request to the page "MIIAvatarImage.i4".

  • CVE-2020-19587MedSep 14, 2022
    risk 0.35cvss 5.4epss 0.01

    Cross Site Scripting (XSS) vulnerability in configMap parameters in Yellowfin Business Intelligence 7.3 allows remote attackers to run arbitrary code via MIAdminStyles.i4 Admin UI.

  • CVE-2021-36387MedOct 14, 2021
    risk 0.35cvss 5.4epss 0.01

    In Yellowfin before 9.6.1 there is a Stored Cross-Site Scripting vulnerability in the video embed functionality exploitable through a specially crafted HTTP POST request to the page "ActivityStreamAjax.i4".

  • CVE-2019-1010147MedJul 26, 2019
    risk 0.35cvss 5.4epss 0.01

    Yellowfin Smart Reporting All Versions Prior to 7.3 is affected by: Incorrect Access Control - Privileges Escalation. The impact is: Victim attacked and access admin functionality through their browser and control browser. The component is: MIAdminStyles.i4. The attack vector…