Lucene search
K
CybelesoftThinfinity Workspace

5 matches found

CVE
CVE
added 2024/11/13 12:0 a.m.92 views

CVE-2024-40404

CVE-2024-40404 affects Cybele Software Thinfinity Workspace prior to version 7.0.2.113. The issue is an access control flaw in the API endpoint used to establish WebSocket connections. The Red Hat, NVD, CNNVD, CVE.org and PTSecurity entries corroborate that versions before 7.0.2.113 are vulnerabl...

9.8CVSS7.4AI score0.00445EPSS
CVE
CVE
added 2024/11/13 12:0 a.m.68 views

CVE-2024-40407

CVE-2024-40407 affects Cybele Software Thinfinity Workspace prior to v7.0.2.113. The issue is a full path disclosure that allows an attacker to obtain the root path of the application via unspecified vectors. Affected product: Thinfinity Workspace. Root cause: disclosure of sensitive filesystem p...

7.5CVSS6.8AI score0.0038EPSS
CVE
CVE
added 2024/11/13 12:0 a.m.57 views

CVE-2024-40410

Cybele Software Thinfinity Workspace prior to v7.0.2.113 is affected by a hardcoded cryptographic key used for encryption. The vulnerability affects Thinfinity Workspace versions before 7.0.2.113, enabling potential cryptographic misuse via the embedded key. Remediation: upgrade to v7.0.2.113 or ...

4.8CVSS7.5AI score0.00135EPSS
CVE
CVE
added 2024/11/13 12:0 a.m.54 views

CVE-2024-40408

CVE-2024-40408 affects Cybele Software Thinfinity Workspace prior to v7.0.2.113, with an access control flaw in the Create Profile section that allows an attacker to create arbitrary user profiles with elevated privileges. The issue is due to improper access control on profile creation. Impact is...

7.3CVSS7.5AI score0.00271EPSS
CVE
CVE
added 2024/11/13 12:0 a.m.52 views

CVE-2024-40405

CVE-2024-40405 affects Cybele Software Thinfinity Workspace (before v7.0.3.109). The issue is described as incorrect access control that lets an attacker access a secondary broker via a crafted request. The vulnerability is documented with CVSS v3.1: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H (base scor...

8.1CVSS7.1AI score0.00441EPSS