CVE-2019-12864

Published: May 4, 2020Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) is vulnerable to Information Leakage, because of improper error handling with stack traces, as demonstrated by discovering a full pathname upon a 500 Internal Server Error via the api2/swis/query?lang=en-us&swAlertOnError=false query parameter.

Affected (3)

Products: Solarwinds: Netpath, Network Performance Monitor, Orion Platform

3 products

Network Performance Monitor

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Solarwinds Netpath	Version 1.1.4
Solarwinds Network Performance Monitor	Version 12.4
Solarwinds Orion Platform	Version 2018.4 hotfix3

Related CWEs

Generation of Error Message Containing Sensitive Information

The product generates an error message that includes sensitive information about its environment, users, or associated data.

References (4)

https://www.esecforte.com/network-performance-monitor-india-esec-forte-technologies/

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.solarwinds.com/network-performance-monitor

Source: cve@mitre.org

Vendor Advisory

https://www.esecforte.com/network-performance-monitor-india-esec-forte-technologies/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.solarwinds.com/network-performance-monitor

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.