Vulnerabilities > CVE-2021-40853 - Missing Authorization vulnerability in Tcman GIM 11.0/8.0

CVSS 7.2 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

tcman

CWE-862

NVD

Published: 2021-12-17

Updated: 2023-11-23

Summary

TCMAN GIM does not perform an authorization check when trying to access determined resources. A remote attacker could exploit this vulnerability to access URL that require privileges without having them. The exploitation of this vulnerability might allow a remote attacker to obtain sensible information.

Vulnerable Configurations

Part	Description	Count
Application	Tcman Tcman GIM 11.0 Tcman GIM 8.0	2

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://www.incibe.es/en/incibe-cert/notices/aviso/tcman-gim-missing-authorization-vulnerability