| ID |
CVE-2013-3502
|
| Summary |
monarch_scan.cgi in the MONARCH component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to execute arbitrary commands, and consequently obtain sensitive information, by leveraging a JOSSO SSO cookie. |
| References |
|
| Vulnerable Configurations |
|
| CVSS |
| Base: | 6.5 (as of 03-11-2013 - 03:33) |
| Impact: | 6.4 |
| Exploitability: | 8.0 |
|
| CWE |
CWE-255 |
| CAPEC |
Click the CAPEC title to display a description
|
| Access |
| Vector | Complexity | Authentication |
|---|
| NETWORK |
LOW |
SINGLE |
|
| Impact |
| Confidentiality | Integrity | Availability |
|---|
| PARTIAL |
PARTIAL |
PARTIAL |
|
| cvss-vector
via4
|
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
| refmap
via4
|
| cert-vn | VU#345260 | | exploit-db | 25001 | | misc | |
|
| Last major update |
03-11-2013 - 03:33 |
| Published |
08-05-2013 - 12:09 |
| Last modified |
03-11-2013 - 03:33 |