CVE-2024-40407

EUVD-2024-38443
A full path disclosure in Cybele Software Thinfinity Workspace before v7.0.2.113 allows attackers to obtain the root path of the application via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA-ADPADP
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 69%
Affected Products (NVD)
VendorProductVersion
cybelesoftthinfinity_workspace
𝑥
< 7.0.2.113
𝑥
= Vulnerable software versions
References
https://blog.cybelesoft.com/thinfinity-workspace-security-bulletin-nov-2024/