Vulnerabilities

CVE-2025-41012

by Fred · 02/12/2025

Unauthorized access vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system by using the ‘pda:userId’ and ‘pda:newPassword’ parameters with ‘soapaction UnlockUser’ in ‘/WS/PDAWebService.asmx’.

More information : https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-tcman-gim-2

Similar

Tags: Cybersecurity Alert