Security Advisory

CVE-2021-36389

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-10-14 18:27:27

Last updated 2024-08-04 00:54:51

Assigner mitre

State PUBLISHED

Description

In Yellowfin before 9.6.1 it is possible to enumerate and download uploaded images through an Insecure Direct Object Reference vulnerability exploitable by sending a specially crafted HTTP GET request to the page "MIImage.i4".

← Browse all CVEs View on cve.org ↗