PT-2024-28833 · Cybele · Thinfinity Workspace

Published: 2024-11-13 · Updated: 2024-11-25 · CVE-2024-40408

CVSS v3.1: 7.3 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions: Cybele Software Thinfinity Workspace versions prior to 7.0.2.113

Description: The issue is related to an access control problem in the Create Profile section, allowing attackers to create arbitrary user profiles with elevated privileges. This can lead to unauthorized access.

Recommendations: For versions prior to 7.0.2.113, update to version 7.0.2.113 or later to resolve the issue. As a temporary workaround, consider restricting access to the Create Profile section until the update is applied.

Fix

Weakness Enumeration: Missing Authentication

Related Identifiers: CVE-2024-40408

Affected Products: Thinfinity Workspace