Total
5 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-4046 | 1 Tcman | 1 Gim | 2022-02-18 | 3.5 LOW | 5.4 MEDIUM |
The m_txtNom y m_txtCognoms parameters in TCMAN GIM v8.01 allow an attacker to perform persistent XSS attacks. This vulnerability could be used to carry out a number of browser-based attacks including browser hijacking or theft of sensitive data. | |||||
CVE-2021-40850 | 1 Tcman | 1 Gim | 2021-12-21 | 7.5 HIGH | 9.8 CRITICAL |
TCMAN GIM is vulnerable to a SQL injection vulnerability inside several available webservice methods in /PC/WebService.asmx. | |||||
CVE-2021-40851 | 1 Tcman | 1 Gim | 2021-12-21 | 5.0 MEDIUM | 7.5 HIGH |
TCMAN GIM is vulnerable to a lack of authorization in all available webservice methods listed in /PC/WebService.asmx. The exploitation of this vulnerability might allow a remote attacker to obtain information. | |||||
CVE-2021-40852 | 1 Tcman | 1 Gim | 2021-12-21 | 5.8 MEDIUM | 6.1 MEDIUM |
TCMAN GIM is affected by an open redirect vulnerability. This vulnerability allows the redirection of user navigation to pages controlled by the attacker. The exploitation of this vulnerability might allow a remote attacker to obtain information. | |||||
CVE-2021-40853 | 1 Tcman | 1 Gim | 2021-12-21 | 6.4 MEDIUM | 7.2 HIGH |
TCMAN GIM does not perform an authorization check when trying to access determined resources. A remote attacker could exploit this vulnerability to access URL that require privileges without having them. The exploitation of this vulnerability might allow a remote attacker to obtain sensible information. |