Shodan
Vulnerabilities
Vulnerable Software
Tcman:  >> Gim  >> 8.0  Security Vulnerabilities
CVE-2025-41013
SQL injection vulnerability in TCMAN GIM v11 in version 20250304. This vulnerability allows an attacker to retrieve, create, update, and delete databases by sending a GET request using the 'idmant' parameter in '/PC/frmEPIS.aspx'.
CVSS Score
9.8
EPSS Score
0.0
Published
2025-12-02
CVE-2025-41014
User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system. The vulnerability is exploitable through the 'pda:username' parameter with 'soapaction GetLastDatePasswordChange' in '/WS/PDAWebService.asmx'.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-12-02
CVE-2025-41015
User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system. The vulnerability is exploitable through the 'pda:username' parameter with 'soapaction GetUserQuestionAndAnswer' in '/WS/PDAWebService.asmx'.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-12-02
CVE-2025-41012
Unauthorized access vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system by using the 'pda:userId' and 'pda:newPassword' parameters with 'soapaction UnlockUser’ in '/WS/PDAWebService.asmx'.
CVSS Score
5.3
EPSS Score
0.001
Published
2025-12-02
CVE-2021-40850
TCMAN GIM is vulnerable to a SQL injection vulnerability inside several available webservice methods in /PC/WebService.asmx.
CVSS Score
10.0
EPSS Score
0.003
Published
2021-12-17
CVE-2021-40851
TCMAN GIM is vulnerable to a lack of authorization in all available webservice methods listed in /PC/WebService.asmx. The exploitation of this vulnerability might allow a remote attacker to obtain information.
CVSS Score
7.5
EPSS Score
0.003
Published
2021-12-17
CVE-2021-40852
TCMAN GIM is affected by an open redirect vulnerability. This vulnerability allows the redirection of user navigation to pages controlled by the attacker. The exploitation of this vulnerability might allow a remote attacker to obtain information.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-12-17
CVE-2021-40853
TCMAN GIM does not perform an authorization check when trying to access determined resources. A remote attacker could exploit this vulnerability to access URL that require privileges without having them. The exploitation of this vulnerability might allow a remote attacker to obtain sensible information.
CVSS Score
7.2
EPSS Score
0.002
Published
2021-12-17


Products
Pricing
Contact Us

Shodan ® - All rights reserved