PT-2013-4438 · Groundwork · Groundwork Monitor Enterprise

Johannes Greil · Published 2013-05-08 · Updated 2013-05-08 · CVE-2013-3503

CVSS v2.0: 3.5 (Low), Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions: GroundWork Monitor Enterprise version 6.7.0
Description: The issue is an XML External Entity (XXE) vulnerability that allows remote authenticated users to read arbitrary files. It is reachable through the Profile Importer feature in monarch.cgi in the MONARCH component, when an imported XML document contains an external entity declaration together with a reference to that entity.
Recommendations: For GroundWork Monitor Enterprise version 6.7.0, consider disabling the Profile Importer feature in monarch.cgi until a patch is available, to prevent exploitation of the XXE issue. Restrict access to the MONARCH component to minimize the risk of unauthorized file reading.
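As an added example (not code from the advisory or from GroundWork), a defensive import-side check in Python that refuses any XML document declaring or referencing an external entity before its content is used; the profile element names and the two sample documents are constructed for illustration.

```python
import xml.parsers.expat as expat

class UnsafeXMLError(ValueError):
    """Raised when an import document declares or references an external entity."""

def parse_profile_xml(data: bytes) -> dict:
    """Parse a simplified (constructed) profile document into {child_tag: text} for
    the root's direct children, aborting if any external entity is declared or used."""
    parser = expat.ParserCreate()
    # Never load external parameter entities (external DTD subsets).
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)

    def entity_decl(name, is_param, value, base, system_id, public_id, notation):
        # A SYSTEM or PUBLIC identifier means the entity points outside the document.
        if system_id is not None or public_id is not None:
            raise UnsafeXMLError(f"external entity declared: {name!r} -> {system_id!r}")
    def external_ref(context, base, system_id, public_id):
        raise UnsafeXMLError(f"external entity referenced: {system_id!r}")

    parser.EntityDeclHandler = entity_decl
    parser.ExternalEntityRefHandler = external_ref
    result, stack, buf = {}, [], []
    def start(tag, attrs):
        stack.append(tag)
        buf.clear()

    def end(tag):
        if len(stack) == 2:  # direct child of the root element
            result[tag] = "".join(buf).strip()
        stack.pop()

    parser.StartElementHandler = start
    parser.CharacterDataHandler = buf.append
    parser.EndElementHandler = end
    parser.Parse(data, True)
    return result

def is_safe_import(data: bytes) -> bool:
    """True only if the document parsed without declaring or reaching anything external."""
    try:
        parse_profile_xml(data)
        return True
    except (UnsafeXMLError, expat.ExpatError):
        return False

# Constructed samples (not from the advisory): a benign profile and one carrying an external entity.
BENIGN = b"<profile><name>host-template</name><kind>host</kind></profile>"
EXTERNAL = (b'<!DOCTYPE profile [<!ENTITY ext SYSTEM "file:///CONSTRUCTED/local-file.txt">]>'
            b"<profile><name>&ext;</name></profile>")
```

The handler-based rejection fires on the declaration itself, so the external resource is never opened even when the entity reference is later expanded.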


Related Identifiers: CVE-2013-3503

Affected Products: Groundwork Monitor Enterprise