CVE-2022-36277: Multiple Vulnerabilities Tcman Gim | INCIBE-CERT

The 'sReferencia', 'sDescripcion', 'txtCodigo' and 'txtDescripcion' parameters, in the frmGestionStock.aspx and frmEditServicio.aspx files in TCMAN GIM v8.0.1, could allow an attacker to perform persistent XSS attacks.

Affected Resources

GIM version v8.0.1 (r25269), (20220209).

Description

INCIBE has coordinated the publication of 2 vulnerabilities in TCMAN GIM, which were discovered by Pablo Arias Rodríguez and Jorge Alberto Palma Reyes, researchers of the CSIRT-CV Red Team.

These vulnerabilities have been assigned the following codes:

  • CVE-2022-36276. A CVSS v3.1 base score of 9.9 has been calculated; the CVSS vector string is AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L. The vulnerability type is CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection').
  • CVE-2022-36277. A CVSS v3.1 base score of 6.5 has been calculated; the CVSS vector string is AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L. The vulnerability type is CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').

Solution

These vulnerabilities have been fixed by TCMAN in GIM v8.0.1 (r7116), (20220504).

Detail

  • CVE-2022-36276: TCMAN GIM v8.0.1 is vulnerable to SQL injection via the 'SqlWhere' parameter of the 'BuscarESM' function. Exploiting this vulnerability could allow a remote attacker to interact directly with the database.
  • CVE-2022-36277: the 'sReferencia', 'sDescripcion', 'txtCodigo' and 'txtDescripcion' parameters, in the frmGestionStock.aspx and frmEditServicio.aspx files in TCMAN GIM v8.0.1, could allow an attacker to perform persistent (stored) XSS attacks.
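
The following is an added example and is not code from TCMAN GIM or from the advisory. It is a small Python script with a constructed SQLite schema that reproduces the two weakness classes listed above in a stock-search endpoint: first the CWE-89 pattern of accepting a raw WHERE fragment and the UNION-based query an attacker can send through it, beside a hardened search built from an allow-list of columns and bound parameters; then the CWE-79 pattern of storing a description and rendering it unencoded, beside the encoded rendering. Only the parameter names 'SqlWhere', 'sReferencia' and 'sDescripcion' are taken from the advisory; the table names, row contents, function names (buscar_stock_vulnerable and friends) and the assumption that 'SqlWhere' is spliced verbatim into a statement are all constructed for the demonstration.

```python
"""Added illustration of the CWE-89 and CWE-79 patterns named in the advisory.

Not code from TCMAN GIM. The schema, tables, rows and function names are
constructed for the demo; only the parameter names 'SqlWhere', 'sReferencia'
and 'sDescripcion' come from the advisory, and how GIM uses them is assumed.
"""
import html
import sqlite3

# Constructed sample data: a stock table plus a second table the search
# endpoint should never expose.
SCHEMA = """
CREATE TABLE stock (reference TEXT, description TEXT, quantity INTEGER);
CREATE TABLE users (login TEXT, pwd_hash TEXT);
INSERT INTO stock VALUES ('REF-001', 'Bearing 6204', 12);
INSERT INTO stock VALUES ('REF-002', 'Motor 1.5kW', 3);
INSERT INTO users VALUES ('admin', 'hash-of-admin-password');
"""


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


# --- CWE-89: SQL injection --------------------------------------------------

def buscar_stock_vulnerable(conn, sql_where):
    """Vulnerable pattern (assumed): a caller-supplied WHERE fragment is
    spliced verbatim into the statement. Whatever the client sends runs as
    SQL, so escaping cannot fix this; the parameter's contract is the bug."""
    query = "SELECT reference, description FROM stock WHERE " + sql_where
    return conn.execute(query).fetchall()


# Allow-list: the client may name a filter from this mapping, never a column
# or operator directly, and filter values always travel as bound parameters.
FILTER_COLUMNS = {"sReferencia": "reference", "sDescripcion": "description"}


def buscar_stock_fixed(conn, filters):
    """Hardened search. filters is {filter_name: value}; unknown names are
    rejected and values are bound with '?' placeholders."""
    clauses, params = [], []
    for name, value in filters.items():
        column = FILTER_COLUMNS.get(name)
        if column is None:
            raise ValueError(f"unknown filter {name!r}")
        clauses.append(f"{column} LIKE ?")
        params.append(f"%{value}%")
    query = "SELECT reference, description FROM stock"
    if clauses:
        query += " WHERE " + " AND ".join(clauses)
    return conn.execute(query, params).fetchall()


# --- CWE-79: stored cross-site scripting -----------------------------------

def save_description(conn, reference, description):
    """Persists what the client submitted; this is the storage half of a
    stored XSS and is acceptable as long as every renderer encodes output."""
    conn.execute("INSERT INTO stock VALUES (?, ?, 0)", (reference, description))


def render_stock_vulnerable(conn):
    """Renders stored values straight into HTML: any <script> stored in a
    description executes for every user who views the page."""
    rows = conn.execute("SELECT reference, description FROM stock").fetchall()
    return "".join(f"<tr><td>{r}</td><td>{d}</td></tr>" for r, d in rows)


def render_stock_fixed(conn):
    """Same page with HTML entity encoding applied at output time."""
    rows = conn.execute("SELECT reference, description FROM stock").fetchall()
    return "".join(
        f"<tr><td>{html.escape(r)}</td><td>{html.escape(d)}</td></tr>"
        for r, d in rows
    )


if __name__ == "__main__":
    conn = open_db()
    # A UNION inside the WHERE fragment pulls the users table through the
    # stock search: direct interaction with the database, as the advisory says.
    payload = "1=0 UNION SELECT login, pwd_hash FROM users"
    print(buscar_stock_vulnerable(conn, payload))
    try:
        buscar_stock_fixed(conn, {"SqlWhere": payload})
    except ValueError as err:
        print("rejected:", err)
    print(buscar_stock_fixed(conn, {"sDescripcion": payload}))  # no rows
    print(buscar_stock_fixed(conn, {"sDescripcion": "Motor"}))
    save_description(conn, "REF-003", "<script>alert(1)</script>")
    print(render_stock_vulnerable(conn))
    print(render_stock_fixed(conn))
```

The hardened search deliberately does not try to sanitize 'SqlWhere': a parameter whose contract is "a fragment of SQL" cannot be made safe by escaping, so the fix replaces it with a fixed set of filter names mapped to columns plus bound values. For the XSS half, the control is encoding at every rendering path (in ASP.NET, HttpUtility.HtmlEncode or the framework's encoding syntax); stripping tags on input is not a substitute, because the stored value may be rendered in more than one context.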

If you have any information regarding this advisory, please contact INCIBE as indicated in the 'CVE assignment and publication’.
