CVE-2021-36388

In Yellowfin before 9.6.1 it is possible to enumerate and download users profile pictures through an Insecure Direct Object Reference vulnerability exploitable by sending a specially crafted HTTP GET request to the page "MIIAvatarImage.i4".
Configurations

Configuration 1

cpe:2.3:a:yellowfinbi:yellowfin:*:*:*:*:*:*:*:*

Information

Published : 2021-10-14 07:15

Updated : 2021-10-20 03:14


NVD link : CVE-2021-36388

Mitre link : CVE-2021-36388

Products Affected
No products.
CWE