SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) is vulnerable to Information Leakage, because of improper error handling with stack traces, as demonstrated by discovering a full pathname upon a 500 Internal Server Error via the api2/swis/query?lang=en-us&swAlertOnError=false query parameter.
References
Link | Resource |
---|---|
https://www.esecforte.com/network-performance-monitor-india-esec-forte-technologies/ | Exploit Third Party Advisory |
https://www.solarwinds.com/network-performance-monitor | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2020-05-04 14:15
Updated : 2024-02-28 17:47
NVD link : CVE-2019-12864
Mitre link : CVE-2019-12864
CVE.ORG link : CVE-2019-12864
JSON object : View
Products Affected
solarwinds
- network_performance_monitor
- orion_platform
- netpath
CWE
CWE-209
Generation of Error Message Containing Sensitive Information