GroundWork Monitor Enterprise Multiple Security Vulnerabilities
GroundWork Monitor Enterprise is prone to multiple security vulnerabilities, including:
1. A security-bypass vulnerability
2. An information-disclosure vulnerability
Successfully exploiting these issues allows remote attackers to bypass security restrictions and disclose sensitive information in the context of the affected site; other attacks are also possible.
GroundWork Monitor Enterprise 6.7.0 is vulnerable; other versions may also be affected.
Note: The HTML-injection vulnerabilities have been moved to BID 59780 (GroundWork Monitor Enterprise CVE-2013-3501 Cross Site Scripting and HTML Injection Vulnerabilities) to better document them.