Headline
CVE-2021-40853: TCMAN GIM missing authorization vulnerability
TCMAN GIM does not perform an authorization check when trying to access determined resources. A remote attacker could exploit this vulnerability to access URL that require privileges without having them. The exploitation of this vulnerability might allow a remote attacker to obtain sensible information.
Description:
INCIBE has coordinated the publication of a vulnerability in TCMAN GIM, with the internal code INCIBE-2021-0511, which has been discovered by Víctor Fidalgo Villar, researcher in INCIBE.
CVE-2021-40853 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.1 has been calculated, the CVSS vector string is AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N.
Solution:
This vulnerability has been solved by TCMAN in GIM v8.0.1 Release 31734.
Detail:
TCMAN GIM does not perform an authorization check when trying to access determined resources. A remote attacker could exploit this vulnerability to access URL that require privileges without having them.
The exploitation of this vulnerability might allow a remote attacker to obtain sensible information.
CWE-862: missing authorization.
If you have any information regarding this advisory, please contact INCIBE as indicated in the CVE Assignment and publication section.
