{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-40408", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-11-25T19:49:16.131Z", "dateReserved": "2024-07-05T00:00:00", "datePublished": "2024-11-13T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-11-13T22:39:03.975766"}, "descriptions": [{"lang": "en", "value": "Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain an access control issue in the Create Profile section. This vulnerability allows attackers to create arbitrary user profiles with elevated privileges."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://blog.cybelesoft.com/thinfinity-workspace-security-bulletin-nov-2024/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-306", "lang": "en", "description": "CWE-306 Missing Authentication for Critical Function"}]}], "affected": [{"vendor": "cybelesoft", "product": "thinfinity_workspace", "cpes": ["cpe:2.3:a:cybelesoft:thinfinity_workspace:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "7.0.2.113", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-11-25T19:49:02.377351Z", "id": "CVE-2024-40408", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-25T19:49:16.131Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-40408", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-11-25T19:49:02.377351Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:cybelesoft:thinfinity_workspace:*:*:*:*:*:*:*:*"], "vendor": "cybelesoft", "product": "thinfinity_workspace", "versions": [{"status": "affected", "version": "0", "lessThan": "7.0.2.113", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-25T19:38:33.426Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://blog.cybelesoft.com/thinfinity-workspace-security-bulletin-nov-2024/"}], "descriptions": [{"lang": "en", "value": "Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain an access control issue in the Create Profile section. This vulnerability allows attackers to create arbitrary user profiles with elevated privileges."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-11-13T22:39:03.975766"}}}, "cveMetadata": {"cveId": "CVE-2024-40408", "state": "PUBLISHED", "dateUpdated": "2024-11-25T19:49:16.131Z", "dateReserved": "2024-07-05T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-11-13T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cybelesoft:thinfinity_workspace:*:*:*:*:*:*:*:*", "matchCriteriaId": "6F68F62D-2F3C-4D7E-BE0F-56C418D27D6E", "versionEndExcluding": "7.0.2.113", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain an access control issue in the Create Profile section. This vulnerability allows attackers to create arbitrary user profiles with elevated privileges."}, {"lang": "es", "value": "Se descubri\u00f3 que la versi\u00f3n anterior a v7.0.2.113 de Cybele Software Thinfinity Workspace conten\u00eda un problema de control de acceso en la secci\u00f3n Crear perfil. Esta vulnerabilidad permite a los atacantes crear perfiles de usuario arbitrarios con privilegios elevados."}], "id": "CVE-2024-40408", "lastModified": "2025-05-01T14:24:20.470", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-11-13T23:15:04.060", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://blog.cybelesoft.com/thinfinity-workspace-security-bulletin-nov-2024/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{}