TCMAN GIM open redirect vulnerability

Posted date 14/12/2021
Importance
3 - Medium
Affected Resources

GIM version v8 and v11.

Description

INCIBE has coordinated the publication of a vulnerability in TCMAN GIM, with the internal code INCIBE-2021-0510, which has been discovered by Víctor Fidalgo Villar, researcher in INCIBE.

CVE-2021-40852 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.1 has been calculated, the CVSS vector string is AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N.

Solution

This vulnerability has been solved by TCMAN in GIM v8.0.1 Release 31734.

Detail

TCMAN GIM is affected by an open redirect vulnerability. This vulnerability allows the redirection of user navigation to pages controlled by the attacker.

The exploitation of this vulnerability might allow a remote attacker to obtain information.

CWE-601: URL redirection to untrusted site (open redirect).

If you have any information regarding this advisory, please contact INCIBE as indicated in the CVE Assignment and publication section.

Encuesta valoración

References list
Ficha del producto GIM - TCMAN
Etiquetas