Gwos Groundwork Monitor — known CVE vulnerabilities
Every CVE whose affected-product data names Gwos Groundwork Monitor, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (15)
CVE-2013-3499 — CVSS 7.5 (high): GroundWork Monitor Enterprise 6.7.0 performs authentication on the basis of the HTTP Referer header, which allows remote attackers to…
CVE-2013-3500 — CVSS 7.5 (high): The Foundation webapp admin interface in GroundWork Monitor Enterprise 6.7.0 uses the nagios account as the owner of writable files under…
CVE-2013-3506 — CVSS 7.5 (high): cgi-bin/performance/perfchart.cgi in the Performance component in GroundWork Monitor Enterprise 6.7.0 does not properly restrict XML…
CVE-2013-3513 — CVSS 6.8 (medium): Multiple cross-site request forgery (CSRF) vulnerabilities in the Noma component in GroundWork Monitor Enterprise 6.7.0 allow remote…
CVE-2013-3502 — CVSS 6.5 (medium): monarch_scan.cgi in the MONARCH component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to execute arbitrary…
CVE-2013-3508 — CVSS 6.5 (medium): html/System-Files.php in the System File Overview feature in the NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote…
CVE-2013-3509 — CVSS 6.5 (medium): html/System-NeDi.php in the NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to execute arbitrary…
CVE-2013-3512 — CVSS 6.5 (medium): The Cacti component in GroundWork Monitor Enterprise 6.7.0 does not properly perform authorization checks, which allows remote…
CVE-2013-3511 — CVSS 5.8 (medium): Open redirect vulnerability in the NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote attackers to redirect users to…
CVE-2013-3504 — CVSS 5.5 (medium): Directory traversal vulnerability in monarch.cgi in the MONARCH component in GroundWork Monitor Enterprise 6.7.0 allows remote…
CVE-2013-3505 — CVSS 4.0 (medium): The Nagios-App component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to bypass intended access restrictions…
CVE-2013-3507 — CVSS 4.0 (medium): The NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to obtain sensitive information via a direct…
CVE-2013-3503 — CVSS 3.5 (low): The Profile Importer feature in monarch.cgi in the MONARCH component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated…