CVE-2019-12864
Last modified
CVE-2019-12864 is a medium-severity vulnerability rated 5.5/10 on the CVSS scale. SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) is vulnerable to Information Leakage, because of improper error handling with stack traces, as demonstrated by discovering a full pathname upon a 500 Internal Server Error via the api2/swis/query?lang=en-us&swAlertOnError=false query parameter.. EPSS estimates a 0.47% chance of exploitation in the next 30 days.
Description
SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) is vulnerable to Information Leakage, because of improper error handling with stack traces, as demonstrated by discovering a full pathname upon a 500 Internal Server Error via the api2/swis/query?lang=en-us&swAlertOnError=false query parameter.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Solarwinds | Netpath | 1.1.4 | — |
| Solarwinds | Network Performance Monitor | 12.4 | — |
| Solarwinds | Orion Platform | 2018.4 | Hotfix3 |
References
- https://www.esecforte.com/network-performance-monitor-india-esec-forte-technologies/Exploit, Third Party Advisory
- https://www.solarwinds.com/network-performance-monitorVendor Advisory
- https://www.esecforte.com/network-performance-monitor-india-esec-forte-technologies/Exploit, Third Party Advisory
- https://www.solarwinds.com/network-performance-monitorVendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-12864?
How severe is CVE-2019-12864?
How do I fix CVE-2019-12864?
Are you affected by CVE-2019-12864?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST