RETIRED: GroundWork Monitor Enterprise 'Noma' Component Multiple Input Validation Vulnerabilities
The Noma component of GroundWork Monitor Enterprise is prone to a cross-site request forgery vulnerability, multiple cross-site scripting vulnerabilities, multiple HTML-injection vulnerabilities, and an SQL injection vulnerability because the application does not properly sanitize user-supplied input.
Exploiting these issues could allow an attacker to perform certain administrative actions and gain unauthorized access to the affected application, execute HTML and script code in the context of the affected site, steal cookie-based authentication credentials, control how the site is rendered to the user, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
GroundWork Monitor Enterprise 6.7.0 is vulnerable; other versions may also be affected.
This BID is being retired. The following individual records exist to better document the issues:
59778 GroundWork Monitor Enterprise CVE-2013-3513 Multiple SQL Injection Vulnerabilities
59780 GroundWork Monitor Enterprise CVE-2013-3501 Cross Site Scripting and HTML Injection Vulnerabilities
59781 GroundWork Monitor Enterprise CVE-2013-3513 Multiple Cross Site Request Forgery Vulnerabilities