A vulnerability classified as critical was found in Gwos GroundWork Monitor 6.7.0. This vulnerability affects some unknown functionality. The manipulation with an unknown input leads to a cross-site request forgery vulnerability. The CWE definition for the vulnerability is CWE-352. The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. As an impact it is known to affect confidentiality, integrity, and availability. CVE summarizes:

Multiple cross-site request forgery (CSRF) vulnerabilities in the Noma component in GroundWork Monitor Enterprise 6.7.0 allow remote attackers to hijack the authentication of unspecified victims for requests that (1) store XSS sequences or (2) delete entries.

The weakness was presented 05/08/2013 as confirmed advisory (CERT.org). The advisory is shared for download at kb.cert.org. This vulnerability was named CVE-2013-3513 since 05/08/2013. The attack can be initiated remotely. No form of authentication is required for a successful exploitation. Successful exploitation requires user interaction by the victim. There are neither technical details nor an exploit publicly available.

The commercial vulnerability scanner Qualys is able to test this issue with plugin 121170 (GroundWork Monitor Enterprise Multiple Remote Vulnerabilities).

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

See VDB-64107, VDB-64106, VDB-64105 and VDB-64104 for similar entries.

Productinfo

Vendor

• Gwos

Name

• GroundWork Monitor

Version

• 6.7.0

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion