Thinfinity Workspace

thinfinity_workspace

Vendor: Cybelesoft • 5 CVEs

CVEs (5)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-40410 1Cybelesoft 1Thinfinity Workspace May 1, 2025 Nov 13, 2024 N/A· v4 4.8 MEDIUM· v3 N/A· v2 Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain a hardcoded cryptographic key used for encryption.
CVE-2024-40408 1Cybelesoft 1Thinfinity Workspace May 1, 2025 Nov 13, 2024 N/A· v4 7.3 HIGH· v3 N/A· v2 Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain an access control issue in the Create Profile section. This vulnerability allows attackers to create arbitrary user profiles with elevated...Show more Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain an access control issue in the Create Profile section. This vulnerability allows attackers to create arbitrary user profiles with elevated privileges.Show less
CVE-2024-40407 1Cybelesoft 1Thinfinity Workspace May 1, 2025 Nov 13, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 A full path disclosure in Cybele Software Thinfinity Workspace before v7.0.2.113 allows attackers to obtain the root path of the application via unspecified vectors.
CVE-2024-40405 1Cybelesoft 1Thinfinity Workspace May 1, 2025 Nov 13, 2024 N/A· v4 8.1 HIGH· v3 N/A· v2 Incorrect access control in Cybele Software Thinfinity Workspace before v7.0.3.109 allows attackers to gain access to a secondary broker via a crafted request.
CVE-2024-40404 1Cybelesoft 1Thinfinity Workspace May 1, 2025 Nov 13, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain an access control issue in the API endpoint where Web Sockets connections are established.