GroundWork Monitor Enterprise 'NeDi' Component Multiple Security Vulnerabilities

The NeDi component of GroundWork Monitor Enterprise is prone to multiple privilege-escalation vulnerabilities, a command-injection vulnerability and an open-redirection vulnerability.

Exploiting these issues could allow an attacker to execute arbitrary commands, gain elevated privileges, obtain unauthorized access to the sensitive information and conduct phishing attacks. Other attacks may also be possible.

GroundWork Monitor Enterprise 6.7.0 is vulnerable; other versions may also be affected.

Note: The SQL Injection and Cross Site Scripting vulnerabilities have been moved to the following BIDs to better document the issues:

59778 GroundWork Monitor Enterprise CVE-2013-3510 Multiple SQL Injection Vulnerabilities
59780 GroundWork Monitor Enterprise CVE-2013-3501 Cross Site Scripting and HTML Injection Vulnerabilities


Privacy Statement
Copyright 2010, SecurityFocus