5.5

CVE-2019-12864

Exploit

EPSS 0.22%
Veröffentlicht 04.05.2020 14:15:12
Zuletzt bearbeitet 21.11.2024 04:23:43
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) is vulnerable to Information Leakage, because of improper error handling with stack traces, as demonstrated by discovering a full pathname upon a 500 Internal Server Error via the api2/swis/query?lang=en-us&swAlertOnError=false query parameter.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Solarwinds ≫ Netpath Version1.1.4

Solarwinds ≫ Network Performance Monitor Version12.4

Solarwinds ≫ Orion Platform Version2018.4 Updatehotfix3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.22%	0.42

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N

CWE-209 Generation of Error Message Containing Sensitive Information

The product generates an error message that includes sensitive information about its environment, users, or associated data.

https://www.solarwinds.com/network-performance-monitor

Vendor Advisory

https://www.esecforte.com/network-performance-monitor-india-esec-forte-technologies/

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2019-12864

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-12864

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-12864

EUVD