CVE-2024-40408

Published: Nov 13, 2024Modified: May 1, 2025

7.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Exploitability: 3.9 / Impact: 3.4

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain an access control issue in the Create Profile section. This vulnerability allows attackers to create arbitrary user profiles with elevated privileges.

Affected (1)

Products: Cybelesoft: Thinfinity Workspace

Cybelesoft

1 product

Thinfinity Workspace

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cybelesoft Thinfinity Workspace	Before 7.0.2.113

Related CWEs

CWE-306

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (1)

https://blog.cybelesoft.com/thinfinity-workspace-security-bulletin-nov-2024/

Source: cve@mitre.org

Vendor Advisory

Timeline

No history available yet.