Gim
CVE-2021-40851
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
TCMAN GIM is vulnerable to a lack of authorization in all available webservice methods listed in /PC/WebService.asmx. The exploitation of this vulnerability might allow a remote attacker to obtain information.
AnalysisAI
TCMAN GIM is vulnerable to a lack of authorization in all available webservice methods listed in /PC/WebService.asmx. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Improper Authentication (CWE-287), which allows attackers to bypass authentication mechanisms to gain unauthorized access. TCMAN GIM is vulnerable to a lack of authorization in all available webservice methods listed in /PC/WebService.asmx. The exploitation of this vulnerability might allow a remote attacker to obtain information. Affected products include: Tcman Gim.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement multi-factor authentication, enforce strong password policies, use proven authentication frameworks.
SQL injection vulnerability in TCMAN GIM v11 in version 20250304. This vulnerability allows an attacker to retrieve, cre
TCMAN GIM is vulnerable to a SQL injection vulnerability inside several available webservice methods in /PC/WebService.a
Unrestricted file upload in TCMAN's GIM v11. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploita
SQL injection in TCMAN's GIM v11. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no aut
SQL injection in TCMAN's GIM v11. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no aut
SQL injection in TCMAN's GIM v11. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no aut
SQL injection in TCMAN's GIM v11. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no aut
SQL injection in TCMAN's GIM v11. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no aut
Missing authentication vulnerability in TCMAN GIM v11. Rated critical severity (CVSS 9.3), this vulnerability is remotel
CVE-2025-40670 is an incorrect authorization vulnerability in TCMAN's GIM (Gestion Integrada de Mantenimiento) v11 that
Time-based blind SQL injection vulnerabilities in TCMAN's GIM v11. Rated high severity (CVSS 8.7), this vulnerability is
User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker
Same weakness CWE-287 – Improper Authentication
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today