CVE-2025-40664

Critical CVSS: 9.3

Missing authentication vulnerability in TCMAN GIM v11. This allows an unauthenticated attacker to access the resources /frmGestionUser.aspx/GetData, /frmGestionUser.aspx/updateUser and /frmGestionUser.aspx/DeleteUser.

Vendor

Tcman

Product

Gim

CWE

CWE-306

Yayın Tarihi

2025-05-26 13:15:20

Güncelleme

2025-10-10 20:17:42

Source Identifier

cve-coordination@incibe.es

KEV Date Added

Kategoriler

CWE-306 Gim CRITICAL Tcman 2025

Referanslar

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-tcman-gim-0

Benzer Kayıtlar

High

CVE-2025-41013

SQL injection vulnerability in TCMAN GIM v11 in version 20250304. This vulnerability allows an attacker to retrieve, cre…

Medium

CVE-2025-41014

User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker…

Medium

CVE-2025-41015

User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker…

High

CVE-2025-41012

Unauthorized access vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attack…

High

CVE-2025-40670

Incorrect authorization vulnerability in TCMAN's GIM v11. This vulnerability allows an unprivileged attacker to create a…

High

CVE-2025-40668

Incorrect authorization vulnerability in TCMAN's GIM v11. This vulnerability allows an attacker, with low privilege leve…