GroundWork Monitor Enterprise contains a flaw in the NeDi component that allows a remote cross site redirection attack. This flaw exists because the application does not validate certain unspecified input before returning it to the user. This could allow a user to create a specially crafted URL, that if clicked, would redirect a victim from the intended legitimate web site to an arbitrary web site of the attacker's choosing. Such attacks are useful as the crafted URL initially appear to be a web page of a trusted site. This could be leveraged to direct an unsuspecting user to a web page containing attacks that target client side software such as a web browser or document rendering programs.
Disclosure Date :2013-03-08
Vendor Ack Date :2013-02-09
Vendor Solution Date :2013-03-06
Vendor Informed Date :2013-02-06