Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
yellowfinbi yellowfin vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2021-36388
In Yellowfin prior to 9.6.1 it is possible to enumerate and download users profile pictures through an Insecure Direct Object Reference vulnerability exploitable by sending a specially crafted HTTP GET request to the page "MIIAvatarImage.i4".
Yellowfinbi Yellowfin
1 Github repository
5.4
CVSSv3
CVE-2021-36387
In Yellowfin prior to 9.6.1 there is a Stored Cross-Site Scripting vulnerability in the video embed functionality exploitable through a specially crafted HTTP POST request to the page "ActivityStreamAjax.i4".
Yellowfinbi Yellowfin
1 Github repository
7.5
CVSSv3
CVE-2021-36389
In Yellowfin prior to 9.6.1 it is possible to enumerate and download uploaded images through an Insecure Direct Object Reference vulnerability exploitable by sending a specially crafted HTTP GET request to the page "MIImage.i4".
Yellowfinbi Yellowfin
1 Github repository
5.4
CVSSv3
CVE-2019-1010147
Yellowfin Smart Reporting All Versions before 7.3 is affected by: Incorrect Access Control - Privileges Escalation. The impact is: Victim attacked and access admin functionality through their browser and control browser. The component is: MIAdminStyles.i4. The attack vector is: V...
Bmc Remedy Smart Reporting -
Yellowfinbi Yellowfin Bi
9
CVSSv3
CVE-2020-19586
Incorrect Access Control issue in Yellowfin Business Intelligence 7.3 allows remote malicious users to escalate privilege via MIAdminStyles.i4 Admin UI.
Yellowfinbi Business Intelligence 7.3
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
administrator privileges
CVE-2024-1579
hardcoded
CVE-2023-20198
CVE-2024-33587
CVE-2024-33449
CVE-2024-4308
HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started