Tcman

Gim

24 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2025-41015

  • EPSS 0.09%
  • Veröffentlicht 02.12.2025 13:18:25
  • Zuletzt bearbeitet 03.12.2025 20:08:14

User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system. The vulnerability is exploitable through the 'pda:username' parameter with 'soap...

7.5

CVE-2025-41014

  • EPSS 0.09%
  • Veröffentlicht 02.12.2025 13:18:13
  • Zuletzt bearbeitet 03.12.2025 20:07:15

User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system. The vulnerability is exploitable through the 'pda:username' parameter with 'soap...

5.3

CVE-2025-41012

  • EPSS 0.08%
  • Veröffentlicht 02.12.2025 13:15:53
  • Zuletzt bearbeitet 03.12.2025 19:46:50

Unauthorized access vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system by using the 'pda:userId' and 'pda:newPassword' parameters with 'soapaction Un...

9.8

CVE-2025-41013

  • EPSS 0.05%
  • Veröffentlicht 02.12.2025 13:13:57
  • Zuletzt bearbeitet 03.12.2025 19:54:41

SQL injection vulnerability in TCMAN GIM v11 in version 20250304. This vulnerability allows an attacker to retrieve, create, update, and delete databases by sending a GET request using the 'idmant' parameter in '/PC/frmEPIS.aspx'.

8.8

CVE-2025-40670

  • EPSS 0.08%
  • Veröffentlicht 09.06.2025 12:26:28
  • Zuletzt bearbeitet 06.10.2025 19:35:55

Incorrect authorization vulnerability in TCMAN's GIM v11. This vulnerability allows an unprivileged attacker to create a user and assign it many privileges by sending a POST request to /PC/frmGestionUser.aspx/updateUser.

6.5

CVE-2025-40669

  • EPSS 0.05%
  • Veröffentlicht 09.06.2025 12:26:11
  • Zuletzt bearbeitet 06.10.2025 19:37:27

Incorrect authorization vulnerability in TCMAN's GIM v11. This vulnerability allows an unprivileged attacker to modify the permissions held by each of the application's users, including the user himself by sending a POST request to /PC/Options.aspx?C...

6.5

CVE-2025-40668

  • EPSS 0.05%
  • Veröffentlicht 09.06.2025 12:25:59
  • Zuletzt bearbeitet 06.10.2025 19:48:50

Incorrect authorization vulnerability in TCMAN's GIM v11. This vulnerability allows an attacker, with low privilege level, to change the password of other users through a POST request using the parameters idUser, PasswordActual, PasswordNew and Passw...

6.5

CVE-2025-40667

  • EPSS 0.06%
  • Veröffentlicht 26.05.2025 12:49:49
  • Zuletzt bearbeitet 10.10.2025 20:14:38

Missing authorization vulnerability in TCMAN's GIM v11. This allows an authenticated attacker to access any functionality of the application even when they are not available through the user interface. To exploit the vulnerability the attacker must m...

9.8

CVE-2025-40666

  • EPSS 0.06%
  • Veröffentlicht 26.05.2025 12:48:21
  • Zuletzt bearbeitet 10.10.2025 20:14:48

Time-based blind SQL injection vulnerabilities in TCMAN's GIM v11. These allow an attacker to retrieve, create, update and delete databases through ArbolID parameter in/GIMWeb/PC/frmPreventivosList.aspx.

9.8

CVE-2025-40665

  • EPSS 0.06%
  • Veröffentlicht 26.05.2025 12:48:08
  • Zuletzt bearbeitet 10.10.2025 20:14:57

Time-based blind SQL injection vulnerabilities in TCMAN's GIM v11. These allow an attacker to retrieve, create, update and delete databases through ArbolID parameter in /GIMWeb/PC/frmCorrectivosList.aspx.