Vulnerabilities > Solarwinds > Network Performance Monitor > 12.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-21 | CVE-2021-35225 | Unspecified vulnerability in Solarwinds Network Performance Monitor Each authenticated Orion Platform user in a MSP (Managed Service Provider) environment can view and browse all NetPath Services from all that MSP's customers. | 5.5 |
| 2020-05-04 | CVE-2019-12864 | Information Exposure vulnerability in Solarwinds products SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) is vulnerable to Information Leakage, because of improper error handling with stack traces, as demonstrated by discovering a full pathname upon a 500 Internal Server Error via the api2/swis/query?lang=en-us&swAlertOnError=false query parameter. | 2.1 |
| 2020-02-25 | CVE-2019-12863 | Cross-site Scripting vulnerability in Solarwinds products SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) allows Stored HTML Injection by administrators via the Web Console Settings screen. | 3.5 |