Vulnerability CVE-2019-12864


Published: 2020-05-04

Description:
SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) is vulnerable to Information Leakage, because of improper error handling with stack traces, as demonstrated by discovering a full pathname upon a 500 Internal Server Error via the api2/swis/query?lang=en-us&swAlertOnError=false query parameter.

Type:

CWE-200

(Information Exposure)

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
2.1/10
2.9/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
Solarwinds -> Netpath 
Solarwinds -> Network performance monitor 
Solarwinds -> Orion platform 

 References:
https://www.esecforte.com/network-performance-monitor-india-esec-forte-technologies/
https://www.solarwinds.com/network-performance-monitor

Copyright 2024, cxsecurity.com

 

Back to Top