Lucene search

K
TcmanGim

5 matches found

CVE
CVE
added 2025/06/09 1:15 p.m.42 views

CVE-2025-40668

Incorrect authorization vulnerability in TCMAN's GIM v11. This vulnerability allows an attacker, with low privilege level, to change the password of other users through a POST request using the parameters idUser, PasswordActual, PasswordNew and PasswordNewRepeat in /PC/WebService.aspx/validateChang...

7.1CVSS6.7AI score0.0005EPSS
CVE
CVE
added 2025/06/09 1:15 p.m.41 views

CVE-2025-40669

Incorrect authorization vulnerability in TCMAN's GIM v11. This vulnerability allows an unprivileged attacker to modify the permissions held by each of the application's users, including the user himself by sending a POST request to /PC/Options.aspx?Command=2&Page=-1.

7.1CVSS6.4AI score0.00041EPSS
CVE
CVE
added 2021/12/17 5:15 p.m.40 views

CVE-2021-40851

TCMAN GIM is vulnerable to a lack of authorization in all available webservice methods listed in /PC/WebService.asmx. The exploitation of this vulnerability might allow a remote attacker to obtain information.

7.5CVSS7.4AI score0.00325EPSS
CVE
CVE
added 2025/06/09 1:15 p.m.40 views

CVE-2025-40670

Incorrect authorization vulnerability in TCMAN's GIM v11. This vulnerability allows an unprivileged attacker to create a user and assign it many privileges by sending a POST request to /PC/frmGestionUser.aspx/updateUser.

7.1CVSS6.5AI score0.0005EPSS
CVE
CVE
added 2021/12/17 5:15 p.m.38 views

CVE-2021-40853

TCMAN GIM does not perform an authorization check when trying to access determined resources. A remote attacker could exploit this vulnerability to access URL that require privileges without having them. The exploitation of this vulnerability might allow a remote attacker to obtain sensible informa...

7.2CVSS6.9AI score0.00203EPSS