SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) is vulnerable to Information Leakage, because of improper error handling with stack traces, as demonstrated by discovering a full pathname upon a 500 Internal Server Error via the api2/swis/query?lang=en-us&swAlertOnError=false query parameter.
References
Link | Resource |
---|---|
https://www.esecforte.com/network-performance-monitor-india-esec-forte-technologies/ | Exploit Third Party Advisory |
https://www.solarwinds.com/network-performance-monitor | Vendor Advisory |
https://www.esecforte.com/network-performance-monitor-india-esec-forte-technologies/ | Exploit Third Party Advisory |
https://www.solarwinds.com/network-performance-monitor | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 04:23
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.esecforte.com/network-performance-monitor-india-esec-forte-technologies/ - Exploit, Third Party Advisory | |
References | () https://www.solarwinds.com/network-performance-monitor - Vendor Advisory |
Information
Published : 2020-05-04 14:15
Updated : 2024-11-21 04:23
NVD link : CVE-2019-12864
Mitre link : CVE-2019-12864
CVE.ORG link : CVE-2019-12864
JSON object : View
Products Affected
solarwinds
- netpath
- orion_platform
- network_performance_monitor
CWE
CWE-209
Generation of Error Message Containing Sensitive Information