tcman CVE Vulnerabilities & Metrics

Focus on tcman vulnerabilities and metrics.

Last updated: 18 May 2025, 22:25 UTC

About tcman Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with tcman. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total tcman CVEs: 13
Earliest CVE date: 17 Dec 2021, 17:15 UTC
Latest CVE date: 06 May 2025, 11:15 UTC

Latest CVE reference: CVE-2025-40625

Rolling Stats

30-day Count (Rolling): 6
365-day Count (Rolling): 6

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 200.0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 200.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical tcman CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 2.17

Max CVSS: 7.5

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	9
4.0-6.9	3
7.0-8.9	1
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS tcman CVEs

These are the five CVEs with the highest CVSS scores for tcman, sorted by severity first and recency.

CVE-2021-40850 tcman Published on 17 Dec 2021, 17:15 UTC (CVSS: 7.5)
TCMAN GIM is vulnerable to a SQL injection vulnerability inside several available webservice methods in /PC/WebService.asmx.
CVE-2021-40853 tcman Published on 17 Dec 2021, 17:15 UTC (CVSS: 6.4)
TCMAN GIM does not perform an authorization check when trying to access determined resources. A remote attacker could exploit this vulnerability to access URL that require privileges without having them. The exploitation of this vulnerability might allow a remote attacker to obtain sensible information.
CVE-2021-40852 tcman Published on 17 Dec 2021, 17:15 UTC (CVSS: 5.8)
TCMAN GIM is affected by an open redirect vulnerability. This vulnerability allows the redirection of user navigation to pages controlled by the attacker. The exploitation of this vulnerability might allow a remote attacker to obtain information.
CVE-2021-40851 tcman Published on 17 Dec 2021, 17:15 UTC (CVSS: 5.0)
TCMAN GIM is vulnerable to a lack of authorization in all available webservice methods listed in /PC/WebService.asmx. The exploitation of this vulnerability might allow a remote attacker to obtain information.
CVE-2021-4046 tcman Published on 11 Feb 2022, 18:15 UTC (CVSS: 3.5)
The m_txtNom y m_txtCognoms parameters in TCMAN GIM v8.01 allow an attacker to perform persistent XSS attacks. This vulnerability could be used to carry out a number of browser-based attacks including browser hijacking or theft of sensitive data.

All CVEs for tcman

CVE-2025-40625 tcman vulnerability CVSS: 0 06 May 2025, 11:15 UTC

Unrestricted file upload in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to upload any file within the server, even a malicious file to obtain a Remote Code Execution (RCE).

CVE-2025-40624 tcman vulnerability CVSS: 0 06 May 2025, 11:15 UTC

SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. This vulnerability was found in each of the following parameters according to the vulnerability identifier ‘User’ and “email” parameters of the ‘updatePassword’ endpoint.

CVE-2025-40623 tcman vulnerability CVSS: 0 06 May 2025, 11:15 UTC

SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. This vulnerability was found in each of the following parameters according to the vulnerability identifier ‘Sender’ and “email” parameters of the ‘createNotificationAndroid’ endpoint.

CVE-2025-40622 tcman vulnerability CVSS: 0 06 May 2025, 11:15 UTC

SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. This vulnerability was found in each of the following parameters according to the vulnerability identifier ‘username’ parameter of the ‘GetLastDatePasswordChange’ endpoint.

CVE-2025-40621 tcman vulnerability CVSS: 0 06 May 2025, 11:15 UTC

SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. This vulnerability was found in each of the following parameters according to the vulnerability identifier ‘User’ parameter of the ‘ValidateUserAndGetData’ endpoint.

CVE-2025-40620 tcman vulnerability CVSS: 0 06 May 2025, 11:15 UTC

CVE-2022-36277 tcman vulnerability CVSS: 0 04 Oct 2023, 16:15 UTC

The 'sReferencia', 'sDescripcion', 'txtCodigo' and 'txtDescripcion' parameters, in the frmGestionStock.aspx and frmEditServicio.aspx files in TCMAN GIM v8.0.1, could allow an attacker to perform persistent XSS attacks.

CVE-2022-36276 tcman vulnerability CVSS: 0 04 Oct 2023, 16:15 UTC

TCMAN GIM v8.0.1 is vulnerable to a SQL injection via the 'SqlWhere' parameter inside the function 'BuscarESM'. The exploitation of this vulnerability might allow a remote attacker to directly interact with the database.

CVE-2021-4046 tcman vulnerability CVSS: 3.5 11 Feb 2022, 18:15 UTC

The m_txtNom y m_txtCognoms parameters in TCMAN GIM v8.01 allow an attacker to perform persistent XSS attacks. This vulnerability could be used to carry out a number of browser-based attacks including browser hijacking or theft of sensitive data.

CVE-2021-40853 tcman vulnerability CVSS: 6.4 17 Dec 2021, 17:15 UTC

TCMAN GIM does not perform an authorization check when trying to access determined resources. A remote attacker could exploit this vulnerability to access URL that require privileges without having them. The exploitation of this vulnerability might allow a remote attacker to obtain sensible information.

CVE-2021-40852 tcman vulnerability CVSS: 5.8 17 Dec 2021, 17:15 UTC

TCMAN GIM is affected by an open redirect vulnerability. This vulnerability allows the redirection of user navigation to pages controlled by the attacker. The exploitation of this vulnerability might allow a remote attacker to obtain information.

CVE-2021-40851 tcman vulnerability CVSS: 5.0 17 Dec 2021, 17:15 UTC

TCMAN GIM is vulnerable to a lack of authorization in all available webservice methods listed in /PC/WebService.asmx. The exploitation of this vulnerability might allow a remote attacker to obtain information.

CVE-2021-40850 tcman vulnerability CVSS: 7.5 17 Dec 2021, 17:15 UTC

TCMAN GIM is vulnerable to a SQL injection vulnerability inside several available webservice methods in /PC/WebService.asmx.