Lucene search
MitreCVELIST:CVE-2021-36388HistoryOct 14, 2021 - 6:16 p.m.
CVE-2021-36388
2021-10-1418:16:25
mitre
www.cve.org
0.006 Low
EPSS
Percentile
78.1%
In Yellowfin before 9.6.1 it is possible to enumerate and download users profile pictures through an Insecure Direct Object Reference vulnerability exploitable by sending a specially crafted HTTP GET request to the page “MIIAvatarImage.i4”.
References
seclists.org/fulldisclosure/2021/Oct/15
cyberaz0r.info/2021/10/yellowfin-multiple-vulnerabilities/
github.com/cyberaz0r/Yellowfin-Multiple-Vulnerabilities/blob/main/README.md
packetstormsecurity.com/files/164515/Yellowfin-Cross-Site-Scripting-Insecure-Direct-Object-Reference.html
wiki.yellowfinbi.com/display/yfcurrent/Release+Notes+for+Yellowfin+9#ReleaseNotesforYellowfin9-Yellowfin9.6
Related
cve
cve
CVE-2021-36388
2021-10-14 19:15:09
vulnrichment
vulnrichment
CVE-2021-36388
2021-10-14 18:16:25
prion
prion
Design/Logic Flaw
2021-10-14 19:15:00
cnvd
cnvd
Yellowfin Insecure Direct Object Reference Vulnerability (CNVD-2021-99268)
2021-10-15 00:00:00
nvd
nvd
CVE-2021-36388
2021-10-14 19:15:09
packetstorm
packetstorm
Yellowfin Cross Site Scripting / Insecure Direct Object Reference
2021-10-14 00:00:00
zdt
zdt