Vulnerabilities > Cybelesoft > Thinfinity Virtualui > 2.5.41.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-20 | CVE-2021-44554 | Information Exposure Through Discrepancy vulnerability in Cybelesoft Thinfinity Virtualui Thinfinity VirtualUI before 3.0 allows a malicious actor to enumerate users registered in the OS (Windows) through the /changePassword URI. | 5.3 |
| 2021-12-16 | CVE-2021-45092 | Unspecified vulnerability in Cybelesoft Thinfinity Virtualui Thinfinity VirtualUI before 3.0 has functionality in /lab.html reachable by default that could allow IFRAME injection via the vpath parameter. | 9.8 |
| 2021-12-13 | CVE-2021-44848 | Information Exposure Through Discrepancy vulnerability in Cybelesoft Thinfinity Virtualui In Cibele Thinfinity VirtualUI before 3.0, /changePassword returns different responses for invalid authentication requests depending on whether the username exists. | 5.3 |