exploitDog

CVE-2025-41014

Опубликовано: 02 дек. 2025

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system. The vulnerability is exploitable through the 'pda:username' parameter with 'soapaction GetLastDatePasswordChange' in '/WS/PDAWebService.asmx'.

Ссылки

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-tcman-gim-2
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:tcman:gim:*:*:*:*:*:*:*:*

Версия до 2025-04-01 (исключая)

EPSS

Процентиль: 26%

0.0009

Низкий

7.5 High

CVSS3

Дефекты

CWE-200

Связанные уязвимости

GHSA-wqx7-h3g4-fh2f

CVSS3: 7.5

github

2 месяца назад

User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system. The vulnerability is exploitable through the 'pda:username' parameter with 'soapaction GetLastDatePasswordChange' in '/WS/PDAWebService.asmx'.

EPSS

Процентиль: 26%

0.0009

Низкий

7.5 High

CVSS3

Дефекты

CWE-200