PT-2024-28830 · Cybele · Thinfinity Workspace
Published
2024-11-13
·
Updated
2024-11-25
·
CVE-2024-40404
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Cybele Software Thinfinity Workspace versions prior to 7.0.2.113
Description
The issue is related to an access control problem in the API endpoint where Web Sockets connections are established.
Recommendations
For versions prior to 7.0.2.113, update to version 7.0.2.113 or later to resolve the access control issue in the API endpoint.
Fix
Missing Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Thinfinity Workspace