CVE-2019-12864
Severity Score
5.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) is vulnerable to Information Leakage, because of improper error handling with stack traces, as demonstrated by discovering a full pathname upon a 500 Internal Server Error via the api2/swis/query?lang=en-us&swAlertOnError=false query parameter.
Orion Platform versión 2018.4 HF3 de SolarWinds (NPM versión 12.4, NetPath versión 1.1.4), es vulnerable a una Filtración de Información, debido al manejo inapropiado de errores con rastros de pila, como es demostrado al detectar una ruta completa en un Error de Servidor Interno 500 mediante el parámetro query de api2/swis/query?lang=en-us&swAlertOnError=false.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-06-16 CVE Reserved
- 2020-05-04 CVE Published
- 2023-09-07 EPSS Updated
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-209: Generation of Error Message Containing Sensitive Information
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.esecforte.com/network-performance-monitor-india-esec-forte-technologies | 2024-08-04 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.solarwinds.com/network-performance-monitor | 2021-07-21 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Solarwinds Search vendor "Solarwinds" | Netpath Search vendor "Solarwinds" for product "Netpath" | 1.1.4 Search vendor "Solarwinds" for product "Netpath" and version "1.1.4" | - |
Affected
| ||||||
| Solarwinds Search vendor "Solarwinds" | Network Performance Monitor Search vendor "Solarwinds" for product "Network Performance Monitor" | 12.4 Search vendor "Solarwinds" for product "Network Performance Monitor" and version "12.4" | - |
Affected
| ||||||
| Solarwinds Search vendor "Solarwinds" | Orion Platform Search vendor "Solarwinds" for product "Orion Platform" | 2018.4 Search vendor "Solarwinds" for product "Orion Platform" and version "2018.4" | hotfix3 |
Affected
| ||||||