Cybelesoft Thinfinity_workspace
5 CVEs affecting Cybelesoft Thinfinity_workspace. Latest disclosed: 2024-11-13. Critical: 1, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-40404 | Critical | 9.8 | 2024-11-13 | Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain an access control issue in the API endpoint where Web Sockets connections are… |
CVE-2024-40405 | High | 8.1 | 2024-11-13 | Incorrect access control in Cybele Software Thinfinity Workspace before v7.0.3.109 allows attackers to gain access to a secondary broker via a crafted request. |
CVE-2024-40407 | High | 7.5 | 2024-11-13 | A full path disclosure in Cybele Software Thinfinity Workspace before v7.0.2.113 allows attackers to obtain the root path of the application via unspecified ve… |
CVE-2024-40408 | High | 7.3 | 2024-11-13 | Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain an access control issue in the Create Profile section. This vulnerability allo… |
CVE-2024-40410 | Medium | 4.8 | 2024-11-13 | Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain a hardcoded cryptographic key used for encryption. |