2025-12-02 13:18:13
INCIBE
PUBLISHED
User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system. The vulnerability is exploitable through the pda:username parameter with soapaction GetLastDatePasswordChange in /WS/PDAWebService.asmx.