CVE-2020-19586 Inaccurate Access Control in YBI 7.3 allows attackers to escalate privileges via MIAdminStyles.i4 Admin UI.

CVE-2018-1797 Inappropriate Access Control issue in Yellowfin Business Intelligence 7.3 allows remote attackers to escalate privilege via MIAdminStyles.i4 Admin UI. CVE-2018-1798 Inappropriate Access Control issue in Yellowfin Business Intelligence 7.3 allows remote attackers to escalate privilege via MIAdminStyles.i4 Admin UI. CVE-2018-1799 Inappropriate Access Control issue in Yellowfin Business Intelligence 7.3 allows remote attackers to escalate privilege via MIAdminStyles.i4 Admin UI. CVE-2018-1800 Inappropriate Access Control issue in Yellowfin Business Intelligence 7.3 allows remote attackers to escalate privilege via MIAdminSty Registration. CVE-2018-1801 Inappropriate Access Control issue in Yellowfin Business Intelligence 7.3 allows remote attackers to escalate privilege via MIAdminSty Registration. CVE-2018-1802 Inappropriate Access Control issue in Yellowfin Business Intelligence 7.3 allows remote attackers to escalate privilege via MIAdminSty Registration. CVE-2018-1803 Inappropriate Access Control issue in Yellowfin Business Intelligence 7.3 allows remote attackers to escalate privilege via MIAdminSty Registration. CVE-2018-1804 Inappropriate Access Control issue in Yellowfin Business Intelligence 7.3 allows remote attackers to escalate privilege via MIAdminSty Registration. CVE-2018-1805 Inappropriate Access Control issue in Yellowfin Business Intelligence 7.3 allows remote attackers to escalate privilege via MIAdminSty Registration. CVE-2018-1806 In

There are 6 vulnerabilities with fixed software, 4 with no update available and 3 unresolved issues

This post provides a list of vulnerabilities with fixed software, 4 with no update available and 3 unresolved issues.
1. CVE-2020-19586 Inappropriate Access Control issue in Yellowfin Business Intelligence 7.3 allows remote attackers to escalate privilege via MIAdminStyles.i4 Admin UI
2. CVE-2018-1797 Inappropriate Access Control issue in Yellowfin Business Intelligence 7.3 allows remote attackers to escalate privilege via MIAdminStyles.i4 Admin UI
3. CVE-2018-1798 Inappropriate Access Control issue in Yellowfin Business Intelligence 7.3 allows remote attackers to escalate privilege via MIAdminStyles.i4 Admin UI
4. CVE-2018-1799 Inappropriate Access Control issue in Yellowfin Business Intelligence 7.3 allows remote attackers to escalate privilege via MIAdminStyles.i4 Admin UI
5. CVE-2018-1800 Inappropriate Access Control issue in Yellowfin Business Intelligence 7.3 allows remote attackers to escalate privilege via MIAdminSty Registration
6a)CVE-2018-1801 Inappropriate Access Control issue in Yellowfin Business Intelligence 7.3 allows remote attackers to escalate privilege via MIAdminSty Registration
6b)CVE-2018-1802 Inappropriate Access Control issue in Yellowfin Business Intelligence 7
6c)CVE-2018-1803 Inappropriate Access Control issue in Yellowfin Business Intelligence
6d)CVE 2018 - 1804 Inappropriate access control issue in Yellow

Table of Contents

1. What is the CVE-2020-19586?
2. What is the CVE-2018-1797?
3. What is the CVE-2018-1798?
4. What is the CVE-2018-1799?
5. What is the CVE-2018-1800?
6. What is the CVE-2018-1801?
7. What is the CVE-2018-1802?
8. What is the CVE-2018-1803?
9. What is the CVE-2018-1804?
10. What is the CVE - 2018 - 1805 ?

Product description

Yellowfin Business Intelligence is a business intelligence (BI) software solution designed to help organizations collect, organize, and analyze data from the different sources in the organization. It helps to provide decision-support capabilities that help business managers grow.
Product Description: Yellowfin BI software is an easy-to-use, web-based program that delivers timely, accurate information with high visibility and low costs. It comes with preconfigured views of various data sources and provides a scalable set of reporting tools for your enterprise.

There is a summary of changes below, be sure to read about the changes in detail .

Summary of Changes:
- CVE-2019-14704: Inappropriate Access Control issue in Yellowfin Business Intelligence 7.3 allows remote attackers to escalate privilege via MIAdminStyles.i4 Admin UI. - CVE-2020-19586: Inappropriate Access Control issue in Yellowfin Business Intelligence 7.3 allows remote attackers to escalate privilege via MIAdminStyles.i4 Admin UI. - CVE-2018-1797, CVE-2018-1798, CVE-2018-1799, CVE-2018-1800: Inappropriate Access Control issue in Yellowfin Business Intelligence 7.3 allows remote attackers to escalate privilege via MIAdminSty Registration. - CVE-2018-1801, CVE-2018-1802, CVE-2018-1803, and CVE-2018-1804: Inappropriate Access Control issue in Yellowfin Business Intelligence 7.3 allows remote attackers to escalate privilege via MIAdminSty Registration. - CVE

Timeline

Published on: 09/14/2022 03:15:00 UTC
Last modified on: 09/17/2022 01:26:00 UTC

References

• https://github.com/Deepak983/CVE-2020-19586/blob/main/Stored%20XSS%20in%20MIAdminStyles.i4%20through%20privileges%20escalation.pdf
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-19586