exploitDog

CVE-2025-41012

Опубликовано: 02 дек. 2025

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

Unauthorized access vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system by using the 'pda:userId' and 'pda:newPassword' parameters with 'soapaction UnlockUser’ in '/WS/PDAWebService.asmx'.

Ссылки

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-tcman-gim-2
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:tcman:gim:*:*:*:*:*:*:*:*

Версия до 2025-04-01 (исключая)

EPSS

Процентиль: 22%

0.00072

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-862

Связанные уязвимости

GHSA-r93h-5xgh-5wfh

CVSS3: 5.3

github

2 месяца назад

Unauthorized access vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system by using the 'pda:userId' and 'pda:newPassword' parameters with 'soapaction UnlockUser’ in '/WS/PDAWebService.asmx'.

EPSS

Процентиль: 22%

0.00072

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-862