Vulnerabilities > Cybelesoft > Thinfinity Virtualui > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-12-20 CVE-2021-44554 Information Exposure Through Discrepancy vulnerability in Cybelesoft Thinfinity Virtualui
Thinfinity VirtualUI before 3.0 allows a malicious actor to enumerate users registered in the OS (Windows) through the /changePassword URI.
network
low complexity
cybelesoft CWE-203
5.3
5.3
2021-12-13 CVE-2021-44848 Information Exposure Through Discrepancy vulnerability in Cybelesoft Thinfinity Virtualui
In Cibele Thinfinity VirtualUI before 3.0, /changePassword returns different responses for invalid authentication requests depending on whether the username exists.
network
low complexity
cybelesoft CWE-203
5.3
5.3
2020-06-04 CVE-2019-16385 Injection vulnerability in Cybelesoft Thinfinity Virtualui
Cybele Thinfinity VirtualUI 2.5.17.2 allows HTTP response splitting via the mimetype parameter within a PDF viewer request, as demonstrated by an example.pdf?mimetype= substring.
network
low complexity
cybelesoft CWE-74
6.1
6.1
2020-06-04 CVE-2019-16384 Path Traversal vulnerability in Cybelesoft Thinfinity Virtualui
Cybele Thinfinity VirtualUI 2.5.17.2 allows ../ path traversal that can be used for data exfiltration.
network
low complexity
cybelesoft CWE-22
6.5
6.5