Cybelesoft Thinfinity Virtualui — known CVE vulnerabilities
Every CVE whose affected-product data names Cybelesoft Thinfinity Virtualui, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2021-45092 — CVSS 9.8 (critical): Thinfinity VirtualUI before 3.0 has functionality in /lab.html reachable by default that could allow IFRAME injection via the vpath…
CVE-2021-46354 — CVSS 7.5 (high): Thinfinity VirtualUI 2.1.28.0, 2.1.32.1 and 2.5.26.2, fixed in version 3.0 is affected by an information disclosure vulnerability in the…
CVE-2019-16384 — CVSS 6.5 (medium): Cybele Thinfinity VirtualUI 2.5.17.2 allows ../ path traversal that can be used for data exfiltration. This enables files outside of the…
CVE-2019-16385 — CVSS 6.1 (medium): Cybele Thinfinity VirtualUI 2.5.17.2 allows HTTP response splitting via the mimetype parameter within a PDF viewer request, as demonstrated…
CVE-2021-44554 — CVSS 5.3 (medium): Thinfinity VirtualUI before 3.0 allows a malicious actor to enumerate users registered in the OS (Windows) through the /changePassword URI…
CVE-2021-44848 — CVSS 5.3 (medium): In Cibele Thinfinity VirtualUI before 3.0, /changePassword returns different responses for invalid authentication requests depending on…