CVE-2019-12864

MEDIUM Year: 2019
CVSS v3 Score
5.5
Medium
CVSS v2 Score
2.1
Low
Weakness Type
CWE-209
View all →

Vulnerability Description

SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) is vulnerable to Information Leakage, because of improper error handling with stack traces, as demonstrated by discovering a full pathname upon a 500 Internal Server Error via the api2/swis/query?lang=en-us&swAlertOnError=false query parameter.

Related Vulnerabilities

CVE-2021-1546

MEDIUM
CVSS:5.5(Medium)

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information. This vulnerability is due to improper protections on file access throu...

CWE-2092021

CVE-2021-3620

MEDIUM
CVSS:5.5(Medium)

A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest thr...

CWE-2092021

CVE-2021-47161

MEDIUM
CVSS:5.5(Medium)

In the Linux kernel, the following vulnerability has been resolved: spi: spi-fsl-dspi: Fix a resource leak in an error handling path 'dspi_request_dma()' should be undone by a 'dspi_release_dma()' cal...

CWE-2092021

CVE-2022-0563

MEDIUM
CVSS:5.5(Medium)

A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. Wh...

CWE-2092022

CVE-2022-35640

MEDIUM
CVSS:5.5(Medium)

IBM Sterling Partner Engagement Manager 6.2.2 could allow a local attacker to obtain sensitive information when a detailed technical error message is returned. IBM X-Force ID: 230933.

CWE-2092022

CVE-2023-0833

MEDIUM
CVSS:5.5(Medium)

A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This is...

CWE-2092023