TCMAN GIM does not perform an authorization check when trying to access determined resources. A remote attacker could exploit this vulnerability to access URL that require privileges without having them. The exploitation of this vulnerability might allow a remote attacker to obtain sensible information.
https://www.incibe.es/en/incibe-cert/notices/aviso/tcman-gim-missing-authorization-vulnerability