Vulnerability in Gwos Groundwork_monitor

CVE-2013-3506

cgi-bin/performance/perfchart.cgi in the Performance component in GroundWork Monitor Enterprise 6.7.0 does not properly restrict XML content, which allows remote attackers to execute arbitrary commands by creating a .shtml file and leverag…

EPSS: 0.025 (82.6th percentile) — read the EPSS interpretation.

Affected products

Gwos Groundwork_monitor — versions 6.7.0
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

cve@mitre.org (x_refsource_MISC)
cve@mitre.org (x_refsource_MISC)
VU#345260 (x_refsource_CERT-VN, US Government Resource, third-party-advisory)