CVE-2025-41014

Medium CVSS: 6.9

User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system. The vulnerability is exploitable through the 'pda:username' parameter with 'soapaction GetLastDatePasswordChange' in '/WS/PDAWebService.asmx'.

Vendor

Tcman

Product

Gim

CWE

CWE-200

Yayın Tarihi

2025-12-02 14:16:24

Güncelleme

2025-12-03 20:07:15

Source Identifier

cve-coordination@incibe.es

KEV Date Added

Kategoriler

CWE-200 Gim MEDIUM Tcman 2025

Referanslar

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-tcman-gim-2

Benzer Kayıtlar

High

CVE-2025-41013

SQL injection vulnerability in TCMAN GIM v11 in version 20250304. This vulnerability allows an attacker to retrieve, cre…

Medium

CVE-2025-41015

User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker…

High

CVE-2025-41012

Unauthorized access vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attack…

High

CVE-2025-40670

Incorrect authorization vulnerability in TCMAN's GIM v11. This vulnerability allows an unprivileged attacker to create a…

High

CVE-2025-40668

Incorrect authorization vulnerability in TCMAN's GIM v11. This vulnerability allows an attacker, with low privilege leve…

High

CVE-2025-40669

Incorrect authorization vulnerability in TCMAN's GIM v11. This vulnerability allows an unprivileged attacker to modify t…