ByteOS Network

NVD Vulnerability Details :

CVE-2013-3503

Modified

Source-cve@mitre.org

Published At-08 May, 2013 | 12:09

Updated At-29 Apr, 2026 | 01:13

The Profile Importer feature in monarch.cgi in the MONARCH component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	3.5	LOW	AV:N/AC:M/Au:S/C:P/I:N/A:N

Type: Primary

Version: 2.0

Base score: 3.5

Base severity: LOW

Vector:

AV:N/AC:M/Au:S/C:P/I:N/A:N

CPE Matches

gwos>>groundwork_monitor>>6.7.0

cpe:2.3:a:gwos:groundwork_monitor:6.7.0:-:enterprise:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-264	Primary	nvd@nist.gov

CWE ID: CWE-264

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://www.kb.cert.org/vuls/id/345260	cve@mitre.org	US Government Resource
https://kb.groundworkopensource.com/display/SUPPORT/SA6.7.0-1+Some+web+components+allow+bypass+of+role+access+controls	cve@mitre.org	N/A
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130308-0_GroundWork_Monitoring_Multiple_critical_vulnerabilities_wo_poc_v10.txt	cve@mitre.org	N/A
http://www.kb.cert.org/vuls/id/345260	af854a3a-2127-422b-91ae-364da2661108	US Government Resource
https://kb.groundworkopensource.com/display/SUPPORT/SA6.7.0-1+Some+web+components+allow+bypass+of+role+access+controls	af854a3a-2127-422b-91ae-364da2661108	N/A
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130308-0_GroundWork_Monitoring_Multiple_critical_vulnerabilities_wo_poc_v10.txt	af854a3a-2127-422b-91ae-364da2661108	N/A