Vulmon
yellowfinbi yellowfin vulnerabilities and exploits
CVSSv2: 5
CVE-2021-36388
In Yellowfin prior to 9.6.1 it is possible to enumerate and download users' profile pictures through an Insecure Direct Object Reference vulnerability exploitable by sending a specially crafted HTTP GET request to the page "MIIAvatarImage.i4".
Yellowfinbi Yellowfin
1 Github repository
CVSSv2: 3.5
CVE-2021-36387
In Yellowfin prior to 9.6.1 there is a Stored Cross-Site Scripting vulnerability in the video embed functionality exploitable through a specially crafted HTTP POST request to the page "ActivityStreamAjax.i4".
Yellowfinbi Yellowfin
1 Github repository
CVSSv2: 5
CVE-2021-36389
In Yellowfin prior to 9.6.1 it is possible to enumerate and download uploaded images through an Insecure Direct Object Reference vulnerability exploitable by sending a specially crafted HTTP GET request to the page "MIImage.i4".
Yellowfinbi Yellowfin
1 Github repository
CVSSv2: 3.5
CVE-2019-1010147
Yellowfin Smart Reporting All Versions before 7.3 is affected by: Incorrect Access Control - Privileges Escalation. The impact is: Victim attacked and access admin functionality through their browser and control browser. The component is: MIAdminStyles.i4. The attack vector is: V...
Bmc Remedy Smart Reporting -
Yellowfinbi Yellowfin Bi
NA
CVE-2020-19586
Incorrect Access Control issue in Yellowfin Business Intelligence 7.3 allows remote malicious users to escalate privilege via MIAdminStyles.i4 Admin UI.
Yellowfinbi Business Intelligence 7.3