Vulnerability CVE-2013-3511

Vulnerability CVE-2013-3511

Published: 2013-05-08

Description:

Open redirect vulnerability in the NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

See advisories in our WLB2 database:

	Topic	Author	Date
High	GroundWork Monitor Enterprise 6.7.0 SQL Injection / Command Execution	Johannes Greil	08.03.2013

Type:

CWE-20

(Improper Input Validation)

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:N)

CVSS Base Score	Impact Subscore	Exploitability Subscore
5.8/10	4.9/10	8.6/10

Exploit range	Attack complexity	Authentication
Remote	Medium	No required
Confidentiality impact	Integrity impact	Availability impact
Partial	Partial	None

Affected software
GWOS -> Groundwork monitor

References:

http://www.kb.cert.org/vuls/id/345260

https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130308-1_GroundWork_Monitoring_Multiple_high_risk_vulnerabilities_part2_wo_poc_v10.txt

https://kb.groundworkopensource.com/display/SUPPORT/SA6.7.0-1+Some+web+components+allow+bypass+of+role+access+controls

Vulnerability CVE-2013-3511

Open redirect vulnerability in the NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

See advisories in our WLB2 database:

High

GroundWork Monitor Enterprise 6.7.0 SQL Injection / Command Execution

CWE-20

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:N)

5.8/10

4.9/10

8.6/10

Remote

Medium

No required

Partial

Partial

None

Affected software

References: