PT-2024-28832 · Cybele · Thinfinity Workspace
Published
2024-11-13
·
Updated
2024-11-25
·
CVE-2024-40407
CVSS v3.1
7.5
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Fix
Related Identifiers
Affected Products
Thinfinity Workspace
Published
2024-11-13
·
Updated
2024-11-25
·
CVE-2024-40407
7.5
High
| Base vector | Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
Cybele Software Thinfinity Workspace versions prior to 7.0.2.113
Description:
A full path disclosure issue allows attackers to obtain the root path of the application via unspecified vectors. This could potentially be exploited to gain sensitive information about the application's structure.
Recommendations:
For versions prior to 7.0.2.113, update to version 7.0.2.113 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive application paths to minimize the risk of exploitation.
Fix