Reconnecting to live updates…

CVE-2025-41014: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor in TCMAN GIM

Medium

VulnerabilityCVE-2025-41014cve cve-2025-41014 cwe-200

Published: Tue Dec 02 2025 (12/02/2025, 13:18:13 UTC)

Source: CVE Database V5

Vendor/Project: TCMAN

Product: GIM

Description

User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system. The vulnerability is exploitable through the 'pda:username' parameter with 'soapaction GetLastDatePasswordChange' in '/WS/PDAWebService.asmx'.

Technical Details

Data Version: 5.2
Assigner Short Name: INCIBE
Date Reserved: 2025-04-16T09:08:43.218Z
Cvss Version: 4.0
State: PUBLISHED

Threat ID: 692eecf35ae7112264d1dd3a

Added to database: 12/2/2025, 1:43:15 PM

Last updated: 12/2/2025, 1:43:24 PM

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by

Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Related Threats

CVE-2025-41086: CWE-639 Authorization Bypass Through User-Controlled Key in AMS Development Corp. GAMS

Medium

VulnerabilityTue Dec 02 2025

CVE-2025-41015: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor in TCMAN GIM

Medium

VulnerabilityTue Dec 02 2025

CVE-2025-41013: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in TCMAN GIM

High

VulnerabilityTue Dec 02 2025

CVE-2025-41012: CWE-862 Missing Authorization in TCMAN GIM

High

VulnerabilityTue Dec 02 2025

CVE-2025-40700: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in IDI Eikon Governalia

Medium

VulnerabilityTue Dec 02 2025

Actions

Please log in to the Console to use AI analysis features.

External Links

NVD Database MITRE CVE Reference 1 Search on Google

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

CVE-2025-41014: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor in TCMAN GIM

CVE-2025-41014: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor in TCMAN GIM

Description

Technical Details

Community Reviews

Related Threats

CVE-2025-41086: CWE-639 Authorization Bypass Through User-Controlled Key in AMS Development Corp. GAMS

CVE-2025-41015: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor in TCMAN GIM

CVE-2025-41013: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in TCMAN GIM

CVE-2025-41012: CWE-862 Missing Authorization in TCMAN GIM

CVE-2025-40700: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in IDI Eikon Governalia

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility