SolarWinds Orion Platform 2018.4 HF3 Error query information disclosure

EntryeditHistoryDiffjsonxmlCTI

A vulnerability, which was classified as problematic, was found in SolarWinds Orion Platform 2018.4 HF3. Affected is an unknown code of the file api2/swis/query?lang=en-us&swAlertOnError=false of the component Error Handler. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

User

Field

Commit Conf

Approve Conf

IDCommitedUserFieldChangeRemarksModeratedReasonC
1005771205/05/2020VulD...cve_nvd_summarySolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) is vulnerable to Information Leakage, because of improper error handling with stack traces, as demonstrated by discovering a full pathname upon a 500 Internal Server Error via the api2/swis/query?lang=en-us&swAlertOnError=false query parameter.mitre.org05/05/2020accepted100
1005771105/05/2020VulD...cve_assigned1560643200mitre.org05/05/2020accepted100
1005770705/05/2020VulD...cvss3_nvd_aNnist.gov05/05/2020accepted100
1005770605/05/2020VulD...cvss3_nvd_iNnist.gov05/05/2020accepted100
1005770505/05/2020VulD...cvss3_nvd_cHnist.gov05/05/2020accepted100
1005770405/05/2020VulD...cvss3_nvd_sUnist.gov05/05/2020accepted100
1005770305/05/2020VulD...cvss3_nvd_uiNnist.gov05/05/2020accepted100
1005770205/05/2020VulD...cvss3_nvd_prLnist.gov05/05/2020accepted100
1005770105/05/2020VulD...cvss3_nvd_acLnist.gov05/05/2020accepted100
1005770005/05/2020VulD...cvss3_nvd_avLnist.gov05/05/2020accepted100
1005768705/05/2020VulD...cvss2_nvd_aiNnist.gov05/05/2020accepted100
1005768605/05/2020VulD...cvss2_nvd_iiNnist.gov05/05/2020accepted100
1005768505/05/2020VulD...cvss2_nvd_ciPnist.gov05/05/2020accepted100
1005768405/05/2020VulD...cvss2_nvd_auNnist.gov05/05/2020accepted100
1005768305/05/2020VulD...cvss2_nvd_acLnist.gov05/05/2020accepted100
1005768205/05/2020VulD...cvss2_nvd_avLnist.gov05/05/2020accepted100
1005767205/05/2020VulD...cwe200 (information disclosure)05/05/2020accepted100
1005771905/05/2020VulD...cvss3_nvd_basescore5.5nist.gov05/05/2020accepted90
1005771805/05/2020VulD...cvss3_vuldb_rcX05/05/2020accepted90
1005771705/05/2020VulD...cvss3_vuldb_rlX05/05/2020accepted90

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!