GroundWork Monitor Enterprise Multiple Security Vulnerabilities

GroundWork Monitor Enterprise is prone to multiple security vulnerabilities, including:

1. A security-bypass vulnerability
2. An information-disclosure vulnerability

Successfully exploiting these issues allows remote attackers to bypass security restrictions and disclose sensitive information in the context of the affected site; other attacks are also possible.

GroundWork Monitor Enterprise 6.7.0 is vulnerable; other versions may also be affected.

Note: The HTML-injection vulnerabilities have been moved to BID 59780 (GroundWork Monitor Enterprise CVE-2013-3501 Cross Site Scripting and HTML Injection Vulnerabilities) to better document them.


Privacy Statement
Copyright 2010, SecurityFocus