CVE-2013-3507
GroundWork Monitor Enterprise 6.7.0 - Authenticated Sensitive Information Exposure via NeDi Component
Title source: llmDescription
The NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to obtain sensitive information via a direct request for (1) a configuration file, (2) a database dump, or (3) the Tomcat status context.
References (3)
Core 3
Core References
Various Sources x_refsource_misc
https://kb.groundworkopensource.com/display/SUPPORT/SA6.7.0-1+Some+web+components+allow+bypass+of+role+access+controls
Various Sources x_refsource_misc
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130308-1_GroundWork_Monitoring_Multiple_high_risk_vulnerabilities_part2_wo_poc_v10.txt
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/345260
Scores
EPSS
0.0134
EPSS Percentile
67.8%
Details
CWE
CWE-200
Status
published
Products (1)
gwos/groundwork_monitor
6.7.0
Published
May 08, 2013
Tracked Since
Feb 18, 2026