ByteOS Network

Vulnerability Details :

CVE-2013-3499

Assigner-mitre

Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At-08 May, 2013 | 10:00

Updated At-06 Aug, 2024 | 16:14

GroundWork Monitor Enterprise 6.7.0 performs authentication on the basis of the HTTP Referer header, which allows remote attackers to obtain administrative privileges or access files via a crafted header.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:mitre

Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At:08 May, 2013 | 10:00

Updated At:06 Aug, 2024 | 16:14

▼CVE Numbering Authority (CNA)

Affected Products

Vendor

n/a

Product

n/a

Versions

Affected

Problem Types

Type	CWE ID	Description
text	N/A	n/a

Type: text

CWE ID: N/A

Description: n/a

References

Hyperlink	Resource
http://www.securityfocus.com/bid/58404	vdb-entry x_refsource_BID
https://kb.groundworkopensource.com/display/SUPPORT/SA6.7.0-1+Some+web+components+allow+bypass+of+role+access+controls	x_refsource_MISC
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130308-0_GroundWork_Monitoring_Multiple_critical_vulnerabilities_wo_poc_v10.txt	x_refsource_MISC
http://www.kb.cert.org/vuls/id/345260	third-party-advisory x_refsource_CERT-VN

Hyperlink: http://www.securityfocus.com/bid/58404

Resource:

vdb-entry

x_refsource_BID

Hyperlink: https://kb.groundworkopensource.com/display/SUPPORT/SA6.7.0-1+Some+web+components+allow+bypass+of+role+access+controls

Resource:

x_refsource_MISC

Hyperlink: https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130308-0_GroundWork_Monitoring_Multiple_critical_vulnerabilities_wo_poc_v10.txt

Resource:

x_refsource_MISC

Hyperlink: http://www.kb.cert.org/vuls/id/345260

Resource:

third-party-advisory

x_refsource_CERT-VN

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
http://www.securityfocus.com/bid/58404	vdb-entry x_refsource_BID x_transferred
https://kb.groundworkopensource.com/display/SUPPORT/SA6.7.0-1+Some+web+components+allow+bypass+of+role+access+controls	x_refsource_MISC x_transferred
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130308-0_GroundWork_Monitoring_Multiple_critical_vulnerabilities_wo_poc_v10.txt	x_refsource_MISC x_transferred
http://www.kb.cert.org/vuls/id/345260	third-party-advisory x_refsource_CERT-VN x_transferred

Hyperlink: http://www.securityfocus.com/bid/58404

Resource:

vdb-entry

x_refsource_BID

x_transferred

Hyperlink: https://kb.groundworkopensource.com/display/SUPPORT/SA6.7.0-1+Some+web+components+allow+bypass+of+role+access+controls

Resource:

x_refsource_MISC

x_transferred

Hyperlink: https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130308-0_GroundWork_Monitoring_Multiple_critical_vulnerabilities_wo_poc_v10.txt

Resource:

x_refsource_MISC

x_transferred

Hyperlink: http://www.kb.cert.org/vuls/id/345260

Resource:

third-party-advisory

x_refsource_CERT-VN

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:cve@mitre.org

Published At:08 May, 2013 | 12:09

Updated At:29 Apr, 2026 | 01:13

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P

Type: Primary

Version: 2.0

Base score: 7.5

Base severity: HIGH

Vector:

AV:N/AC:L/Au:N/C:P/I:P/A:P

CPE Matches

gwos>>groundwork_monitor>>6.7.0

cpe:2.3:a:gwos:groundwork_monitor:6.7.0:-:enterprise:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-264	Primary	nvd@nist.gov

CWE ID: CWE-264

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://www.kb.cert.org/vuls/id/345260	cve@mitre.org	US Government Resource
http://www.securityfocus.com/bid/58404	cve@mitre.org	N/A
https://kb.groundworkopensource.com/display/SUPPORT/SA6.7.0-1+Some+web+components+allow+bypass+of+role+access+controls	cve@mitre.org	N/A
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130308-0_GroundWork_Monitoring_Multiple_critical_vulnerabilities_wo_poc_v10.txt	cve@mitre.org	N/A
http://www.kb.cert.org/vuls/id/345260	af854a3a-2127-422b-91ae-364da2661108	US Government Resource
http://www.securityfocus.com/bid/58404	af854a3a-2127-422b-91ae-364da2661108	N/A
https://kb.groundworkopensource.com/display/SUPPORT/SA6.7.0-1+Some+web+components+allow+bypass+of+role+access+controls	af854a3a-2127-422b-91ae-364da2661108	N/A
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130308-0_GroundWork_Monitoring_Multiple_critical_vulnerabilities_wo_poc_v10.txt	af854a3a-2127-422b-91ae-364da2661108	N/A

Hyperlink: http://www.kb.cert.org/vuls/id/345260

Source: cve@mitre.org

Resource:

US Government Resource

Hyperlink: http://www.securityfocus.com/bid/58404

Source: cve@mitre.org

Resource: N/A

Hyperlink: https://kb.groundworkopensource.com/display/SUPPORT/SA6.7.0-1+Some+web+components+allow+bypass+of+role+access+controls

Source: cve@mitre.org

Resource: N/A

Hyperlink: https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130308-0_GroundWork_Monitoring_Multiple_critical_vulnerabilities_wo_poc_v10.txt

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.kb.cert.org/vuls/id/345260

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

US Government Resource

Hyperlink: http://www.securityfocus.com/bid/58404

Source: af854a3a-2127-422b-91ae-364da2661108

Resource: N/A

Hyperlink: https://kb.groundworkopensource.com/display/SUPPORT/SA6.7.0-1+Some+web+components+allow+bypass+of+role+access+controls

Source: af854a3a-2127-422b-91ae-364da2661108

Resource: N/A

Hyperlink: https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130308-0_GroundWork_Monitoring_Multiple_critical_vulnerabilities_wo_poc_v10.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Resource: N/A

Similar CVEs

2Records found

CVE-2013-3506

Matching Score-8

Assigner-MITRE Corporation

View Details

Matching Score-8

Assigner-MITRE Corporation

CVSS Score-7.5||HIGH

EPSS-1.45% / 80.86%

7 Day CHG~0.00%

Published-08 May, 2013 | 10:00

Updated-29 Apr, 2026 | 01:13

cgi-bin/performance/perfchart.cgi in the Performance component in GroundWork Monitor Enterprise 6.7.0 does not properly restrict XML content, which allows remote attackers to execute arbitrary commands by creating a .shtml file and leveraging Server Side Includes (SSI) functionality.

Vendor-gwos n/a

Product-groundwork_monitor n/a

CVE-2013-3500

Matching Score-8

Assigner-MITRE Corporation

View Details

Matching Score-8

Assigner-MITRE Corporation

CVSS Score-7.5||HIGH

EPSS-0.52% / 66.79%

7 Day CHG~0.00%

Published-08 May, 2013 | 10:00

Updated-29 Apr, 2026 | 01:13

The Foundation webapp admin interface in GroundWork Monitor Enterprise 6.7.0 uses the nagios account as the owner of writable files under /usr/local/groundwork, which allows context-dependent attackers to bypass intended filesystem restrictions by leveraging access to a GroundWork script.

Vendor-gwos n/a

Product-groundwork_monitor n/a

CVE-2013-3499

Credits

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs