Security Advisory

CVE-2021-36388

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-10-14 18:16:25

Last updated 2024-08-04 00:54:51

Assigner mitre

State PUBLISHED

Description

In Yellowfin before 9.6.1 it is possible to enumerate and download users profile pictures through an Insecure Direct Object Reference vulnerability exploitable by sending a specially crafted HTTP GET request to the page "MIIAvatarImage.i4".

← Browse all CVEs View on cve.org ↗