2025-12-02 13:18:25
INCIBE
PUBLISHED
User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system. The vulnerability is exploitable through the pda:username parameter with soapaction GetUserQuestionAndAnswer in /WS/PDAWebService.asmx.