CVE-2025-41012

High CVSS: 8.7

Unauthorized access vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system by using the 'pda:userId' and 'pda:newPassword' parameters with 'soapaction UnlockUser’ in '/WS/PDAWebService.asmx'.

Vendor

Tcman

Product

Gim

CWE

CWE-862

Yayın Tarihi

2025-12-02 13:15:53

Güncelleme

2025-12-03 19:46:50

Source Identifier

cve-coordination@incibe.es

KEV Date Added

Kategoriler

CWE-862 Gim HIGH Tcman 2025

Referanslar

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-tcman-gim-2

Benzer Kayıtlar

High

CVE-2025-41013

SQL injection vulnerability in TCMAN GIM v11 in version 20250304. This vulnerability allows an attacker to retrieve, cre…

Medium

CVE-2025-41014

User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker…

Medium

CVE-2025-41015

User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker…

High

CVE-2025-40670

Incorrect authorization vulnerability in TCMAN's GIM v11. This vulnerability allows an unprivileged attacker to create a…

High

CVE-2025-40668

Incorrect authorization vulnerability in TCMAN's GIM v11. This vulnerability allows an attacker, with low privilege leve…

High

CVE-2025-40669

Incorrect authorization vulnerability in TCMAN's GIM v11. This vulnerability allows an unprivileged attacker to modify t…