GroundWork Monitor Enterprise XML External Entity Injection And Command Injection Vulnerabilities

GroundWork Monitor Enterprise is prone to an XML External Entity injection vulnerability and a remote command-injection vulnerability.

Attackers can exploit these issues to execute arbitrary commands and obtain potentially sensitive information from local files on computers running the vulnerable application. This may aid in further attacks.

GroundWork Monitor Enterprise 6.7.0 is vulnerable; other versions may also be affected.


Privacy Statement
Copyright 2010, SecurityFocus