Home / Early Warning / Security Advisories / TCMAN GIM open redirect vulnerability

TCMAN GIM open redirect vulnerability

Publication date: 
12/14/2021
Importance: 
3 - Media
Affected resources: 

GIM version v8 and v11.

Description: 

INCIBE has coordinated the publication of a vulnerability in TCMAN GIM, with the internal code INCIBE-2021-0510, which has been discovered by Víctor Fidalgo Villar, researcher in INCIBE.

CVE-2021-40852 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.1 has been calculated, the CVSS vector string is AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N.

Solution: 

This vulnerability has been solved by TCMAN in GIM v8.0.1 Release 31734.

Detail: 

TCMAN GIM is affected by an open redirect vulnerability. This vulnerability allows the redirection of user navigation to pages controlled by the attacker.

The exploitation of this vulnerability might allow a remote attacker to obtain information.

CWE-601: URL redirection to untrusted site (open redirect).

If you have any information regarding this advisory, please contact INCIBE as indicated in the CVE Assignment and publication section.

Encuesta valoración