Vulnerabilities > Solarwinds > Netpath > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-05-04 CVE-2019-12864 Information Exposure Through an Error Message vulnerability in Solarwinds products
SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) is vulnerable to Information Leakage, because of improper error handling with stack traces, as demonstrated by discovering a full pathname upon a 500 Internal Server Error via the api2/swis/query?lang=en-us&swAlertOnError=false query parameter.
local
low complexity
solarwinds CWE-209
5.5
2020-02-25 CVE-2019-12863 Cross-site Scripting vulnerability in Solarwinds products
SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) allows Stored HTML Injection by administrators via the Web Console Settings screen.
network
low complexity
solarwinds CWE-79
4.8