Skip to main content

Thinfinity Virtualui

4 CVEs product

Monthly

CVE-2021-46354 HIGH POC THREAT Act Now

Thinfinity VirtualUI 2.1.28.0, 2.1.32.1 and 2.5.26.2, fixed in version 3.0 is affected by an information disclosure vulnerability in the parameter "Addr" in cmd site. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 15.6%.

Information Disclosure Thinfinity Virtualui
NVD GitHub Exploit-DB VulDB
CVSS 3.1
7.5
EPSS
15.6%
CVE-2021-44554 MEDIUM POC This Month

Thinfinity VirtualUI before 3.0 allows a malicious actor to enumerate users registered in the OS (Windows) through the /changePassword URI. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Thinfinity Virtualui
NVD GitHub
CVSS 3.1
5.3
EPSS
1.0%
CVE-2021-45092 CRITICAL POC THREAT Act Now

Thinfinity VirtualUI before 3.0 has functionality in /lab.html reachable by default that could allow IFRAME injection via the vpath parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Thinfinity Virtualui
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
40.0%
CVE-2021-44848 MEDIUM POC THREAT This Month

In Cibele Thinfinity VirtualUI before 3.0, /changePassword returns different responses for invalid authentication requests depending on whether the username exists. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Thinfinity Virtualui
NVD GitHub Exploit-DB
CVSS 3.1
5.3
EPSS
23.1%
EPSS 16% CVSS 7.5
HIGH POC THREAT Act Now

Thinfinity VirtualUI 2.1.28.0, 2.1.32.1 and 2.5.26.2, fixed in version 3.0 is affected by an information disclosure vulnerability in the parameter "Addr" in cmd site. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 15.6%.

Information Disclosure Thinfinity Virtualui
NVD GitHub Exploit-DB VulDB
EPSS 1% CVSS 5.3
MEDIUM POC This Month

Thinfinity VirtualUI before 3.0 allows a malicious actor to enumerate users registered in the OS (Windows) through the /changePassword URI. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Thinfinity Virtualui
NVD GitHub
EPSS 40% CVSS 9.8
CRITICAL POC THREAT Act Now

Thinfinity VirtualUI before 3.0 has functionality in /lab.html reachable by default that could allow IFRAME injection via the vpath parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Thinfinity Virtualui
NVD GitHub Exploit-DB
EPSS 23% CVSS 5.3
MEDIUM POC THREAT This Month

In Cibele Thinfinity VirtualUI before 3.0, /changePassword returns different responses for invalid authentication requests depending on whether the username exists. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Thinfinity Virtualui
NVD GitHub Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy