PT-2013-4434 · Groundwork · Groundwork Monitor Enterprise

Published

2013-05-08

Updated

2013-11-25

CVE-2013-3499

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions GroundWork Monitor Enterprise version 6.7.0

Description The issue allows remote attackers to gain administrative privileges or access files by crafting a specific HTTP header.

Recommendations For GroundWork Monitor Enterprise version 6.7.0, consider modifying the authentication mechanism to not rely solely on the HTTP Referer header, as a temporary workaround, until a patch is available. Restrict access to sensitive areas of the application to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2013-3499

Affected Products

Groundwork Monitor Enterprise

PT-2013-4434 · Groundwork · Groundwork Monitor Enterprise

CVE-2013-3499

Weakness Enumeration

Related Identifiers

Affected Products

References · 5