Skip to main content

Thinfinity Workspace

5 CVEs product

Monthly

CVE-2024-40410 MEDIUM This Month

Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain a hardcoded cryptographic key used for encryption. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Thinfinity Workspace
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2024-40408 HIGH This Week

Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain an access control issue in the Create Profile section. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Thinfinity Workspace
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2024-40407 HIGH This Week

A full path disclosure in Cybele Software Thinfinity Workspace before v7.0.2.113 allows attackers to obtain the root path of the application via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Thinfinity Workspace
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-40405 HIGH This Week

Incorrect access control in Cybele Software Thinfinity Workspace before v7.0.3.109 allows attackers to gain access to a secondary broker via a crafted request. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Thinfinity Workspace
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-40404 CRITICAL Act Now

Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain an access control issue in the API endpoint where Web Sockets connections are established. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Thinfinity Workspace
NVD
CVSS 3.1
9.8
EPSS
0.4%
EPSS 0% CVSS 4.8
MEDIUM This Month

Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain a hardcoded cryptographic key used for encryption. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Thinfinity Workspace
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain an access control issue in the Create Profile section. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Thinfinity Workspace
NVD
EPSS 0% CVSS 7.5
HIGH This Week

A full path disclosure in Cybele Software Thinfinity Workspace before v7.0.2.113 allows attackers to obtain the root path of the application via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Thinfinity Workspace
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Incorrect access control in Cybele Software Thinfinity Workspace before v7.0.3.109 allows attackers to gain access to a secondary broker via a crafted request. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Thinfinity Workspace
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain an access control issue in the API endpoint where Web Sockets connections are established. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Thinfinity Workspace
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy