GroundWork Monitor Enterprise Multiple Security Vulnerabilities
BID:58406
Info
| Bugtraq ID: | 58406 |
| Class: | Unknown |
| CVE: | CVE-2013-3500 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 06 2013 12:00AM |
| Updated: | May 09 2013 01:02PM |
| Credit: | Johannes Greil, SEC Consult Vulnerability Lab |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
GroundWork Monitor Enterprise is prone to multiple security vulnerabilities, including:
1. A security-bypass vulnerability
2. An information-disclosure vulnerability
Successfully exploiting these issues allows remote attackers to bypass security restrictions and disclose sensitive information in the context of the affected site; other attacks are also possible.
GroundWork Monitor Enterprise 6.7.0 is vulnerable; other versions may also be affected.
Note: The HTML-injection vulnerabilities have been moved to BID 59780 (GroundWork Monitor Enterprise CVE-2013-3501 Cross Site Scripting and HTML Injection Vulnerabilities) to better document them.
Exploit / POC
Attackers can use a browser to exploit these issues.
Solution / Fix
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].