CVE-2021-40853

Published: Dec 17, 2021Modified: Nov 21, 2024

7.2

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Exploitability: 3.9 / Impact: 2.7

Source: NVD

Description

TCMAN GIM does not perform an authorization check when trying to access determined resources. A remote attacker could exploit this vulnerability to access URL that require privileges without having them. The exploitation of this vulnerability might allow a remote attacker to obtain sensible information.

Affected (2)

Products: Tcman: Gim

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Tcman Gim	Version 11.0
Tcman Gim	Version 8.0

Related CWEs

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (2)

https://www.incibe.es/en/incibe-cert/notices/aviso/tcman-gim-missing-authorization-vulnerability

Source: cve-coordination@incibe.es

https://www.incibe.es/en/incibe-cert/notices/aviso/tcman-gim-missing-authorization-vulnerability

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.