Home / Early Warning / Security Advisories / TCMAN GIM open redirect vulnerability

TCMAN GIM open redirect vulnerability

Publication date: 
3 - Media
Affected resources: 

GIM version v8 and v11.


INCIBE has coordinated the publication of a vulnerability in TCMAN GIM, with the internal code INCIBE-2021-0510, which has been discovered by Víctor Fidalgo Villar, researcher in INCIBE.

CVE-2021-40852 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.1 has been calculated, the CVSS vector string is AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N.


This vulnerability has been solved by TCMAN in GIM v8.0.1 Release 31734.


TCMAN GIM is affected by an open redirect vulnerability. This vulnerability allows the redirection of user navigation to pages controlled by the attacker.

The exploitation of this vulnerability might allow a remote attacker to obtain information.

CWE-601: URL redirection to untrusted site (open redirect).

If you have any information regarding this advisory, please contact INCIBE as indicated in the CVE Assignment and publication section.

Encuesta valoración