CVE-2024-40408

HIGH

Cybele Software Thinfinity Workspace <7.0.2.113 - Privilege Escalation

Title source: llm

Description

Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain an access control issue in the Create Profile section. This vulnerability allows attackers to create arbitrary user profiles with elevated privileges.

References (1)

Core 1

Core References

Vendor Advisory

https://blog.cybelesoft.com/thinfinity-workspace-security-bulletin-nov-2024/

Scores

CVSS v3 7.3

EPSS 0.0027

EPSS Percentile 18.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-306

Status published

Products (1)

cybelesoft/thinfinity_workspace < 7.0.2.113

Published Nov 13, 2024

Tracked Since Feb 18, 2026