Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2021-40853: TCMAN GIM missing authorization vulnerability

TCMAN GIM does not perform an authorization check when trying to access determined resources. A remote attacker could exploit this vulnerability to access URL that require privileges without having them. The exploitation of this vulnerability might allow a remote attacker to obtain sensible information.

CVE
#vulnerability

Description:

INCIBE has coordinated the publication of a vulnerability in TCMAN GIM, with the internal code INCIBE-2021-0511, which has been discovered by Víctor Fidalgo Villar, researcher in INCIBE.

CVE-2021-40853 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.1 has been calculated, the CVSS vector string is AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N.

Solution:

This vulnerability has been solved by TCMAN in GIM v8.0.1 Release 31734.

Detail:

TCMAN GIM does not perform an authorization check when trying to access determined resources. A remote attacker could exploit this vulnerability to access URL that require privileges without having them.

The exploitation of this vulnerability might allow a remote attacker to obtain sensible information.

CWE-862: missing authorization.

If you have any information regarding this advisory, please contact INCIBE as indicated in the CVE Assignment and publication section.

Encuesta valoración

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda