Lucene search

[email protected]NVD:CVE-2020-19586

HistorySep 14, 2022 - 3:15 a.m.

CVE-2020-19586

2022-09-1403:15:07

CWE-79

[email protected]

web.nvd.nist.gov

yellowfin bi

access control

privilege escalation

miadminstyles.i4 admin ui

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

EPSS

0.002

Percentile

58.2%

JSON

Incorrect Access Control issue in Yellowfin Business Intelligence 7.3 allows remote attackers to escalate privilege via MIAdminStyles.i4 Admin UI.

Affected configurations

Nvd

Node

yellowfinbibusiness_intelligenceMatch7.3

VendorProductVersionCPE
yellowfinbibusiness_intelligence7.3cpe:2.3:a:yellowfinbi:business_intelligence:7.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
yellowfinbi	business_intelligence	7.3	cpe:2.3:a:yellowfinbi:business_intelligence:7.3:::::::*

References

github.com/Deepak983/CVE-2020-19586/blob/main/Stored%20XSS%20in%20MIAdminStyles.i4%20through%20privileges%20escalation.pdf

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

EPSS

0.002

Percentile

58.2%

JSON

Related for NVD:CVE-2020-19586

cvelist1 prion1 cve1