GroundWork Monitor Enterprise 'Performance' Component Arbitrary File Overwrite Vulnerability

Bugtraq ID:	58412
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Mar 06 2013 12:00AM
Updated:	Mar 06 2013 12:00AM
Credit:	Johannes Greil, SEC Consult Vulnerability Lab
Vulnerable:
Not Vulnerable:

GroundWork Monitor Enterprise 'Performance' Component Arbitrary File Overwrite Vulnerability

GroundWork Monitor Enterprise is prone to a vulnerability that may allow attackers to overwrite arbitrary files.

Successful exploits may allow an attacker to overwrite arbitrary files and execute arbitrary commands in the context of the user running the affected application.

GroundWork Monitor Enterprise 6.7.0 is vulnerable; other versions may also be affected.

GroundWork Monitor Enterprise 'Performance' Component Arbitrary File Overwrite Vulnerability

Attackers can use a browser to exploit this issue.

GroundWork Monitor Enterprise 'Performance' Component Arbitrary File Overwrite Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].

GroundWork Monitor Enterprise 'Performance' Component Arbitrary File Overwrite Vulnerability

References: