| ID |
CVE-2024-40408
|
| Sažetak |
Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain an access control issue in the Create Profile section. This vulnerability allows attackers to create arbitrary user profiles with elevated privileges. |
| Reference |
|
| CVSS |
| Base: | 7.3 |
| Impact: | 3.4 |
| Exploitability: | 3.9 |
|
| Pristup |
| Vektor | Složenost | Autentikacija |
| NETWORK |
LOW |
NONE |
|
| Impact |
| Povjerljivost | Cjelovitost | Dostupnost |
| LOW |
LOW |
LOW |
|
| CVSS vektor |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
| Zadnje važnije ažuriranje |
25-11-2024 - 20:15 |
| Objavljeno |
13-11-2024 - 23:15 |
