Lucene search
+L

5 matches found

RedhatCVE
RedhatCVE
added 2025/12/03 2:2 p.m.7 views

CVE-2025-41014

User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system. The vulnerability is exploitable through the 'pda:username' parameter with 'soapaction GetLastDatePasswordChange' in...

7.5CVSS6.8AI score0.00266EPSS
Exploits0References1
NVD
NVD
added 2025/12/02 2:16 p.m.7 views

CVE-2025-41013

SQL injection vulnerability in TCMAN GIM v11 in version 20250304. This vulnerability allows an attacker to retrieve, create, update, and delete databases by sending a GET request using the 'idmant' parameter in '/PC/frmEPIS.aspx'...

9.8CVSS0.00251EPSS
Exploits0References1
OSV
OSV
added 2025/12/02 2:16 p.m.9 views

CVE-2025-41013

SQL injection vulnerability in TCMAN GIM v11 in version 20250304. This vulnerability allows an attacker to retrieve, create, update, and delete databases by sending a GET request using the 'idmant' parameter in '/PC/frmEPIS.aspx'...

9.8CVSS5.8AI score0.00251EPSS
Exploits0References1
NVD
NVD
added 2025/12/02 1:15 p.m.5 views

CVE-2025-41012

Unauthorized access vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system by using the 'pda:userId' and 'pda:newPassword' parameters with 'soapaction UnlockUser’ in '/WS/PDAWebService.asmx'...

8.7CVSS0.00218EPSS
Exploits0References1
OSV
OSV
added 2025/05/06 11:15 a.m.3 views

CVE-2025-40620

SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. This vulnerability was found in each of the following parameters according to the vulnerability identifier ‘User’...

9.8CVSS5.8AI score
Exploits0References1
Rows per page
Query Builder