CVE-2013-3512
GroundWork Monitor Enterprise 6.7.0 - Authenticated Configuration Manipulation via Cacti Component
Title source: llmDescription
The Cacti component in GroundWork Monitor Enterprise 6.7.0 does not properly perform authorization checks, which allows remote authenticated users to read or modify configuration settings via unspecified vectors, as demonstrated by reading credentials.
References (3)
Core 3
Core References
Various Sources x_refsource_misc
https://kb.groundworkopensource.com/display/SUPPORT/SA6.7.0-1+Some+web+components+allow+bypass+of+role+access+controls
Various Sources x_refsource_misc
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130308-1_GroundWork_Monitoring_Multiple_high_risk_vulnerabilities_part2_wo_poc_v10.txt
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/345260
Scores
EPSS
0.0152
EPSS Percentile
71.6%
Details
CWE
CWE-20
Status
published
Products (1)
gwos/groundwork_monitor
6.7.0
Published
May 08, 2013
Tracked Since
Feb 18, 2026