Vulnerability in Gwos Groundwork_monitor

CVE-2013-3499

GroundWork Monitor Enterprise 6.7.0 performs authentication on the basis of the HTTP Referer header, which allows remote attackers to obtain administrative privileges or access files via a crafted header.

EPSS: 0.032 (86.5th percentile) — read the EPSS interpretation.

Affected products

Gwos Groundwork_monitor — versions 6.7.0
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

58404 (vdb-entry, x_refsource_BID)
cve@mitre.org (x_refsource_MISC)
cve@mitre.org (x_refsource_MISC)
VU#345260 (x_refsource_CERT-VN, US Government Resource, third-party-advisory)