Vulnerabilities

CVE-2025-41014

by Fred · 02/12/2025

User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system. The vulnerability is exploitable through the ‘pda:username’ parameter with ‘soapaction GetLastDatePasswordChange’ in ‘/WS/PDAWebService.asmx’.

More information : https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-tcman-gim-2

Similar

Tags: Cybersecurity Alert