Vulnerabilities > Solarwinds > Database Performance Analyzer

DATE CVE VULNERABILITY TITLE RISK
2023-07-18 CVE-2023-33231 Cross-site Scripting vulnerability in Solarwinds Database Performance Analyzer
XSS attack was possible in DPA 2023.2 due to insufficient input validation
network
low complexity
solarwinds CWE-79
6.1
6.1
2023-04-25 CVE-2023-23837 Improper Handling of Exceptional Conditions vulnerability in Solarwinds Database Performance Analyzer
No exception handling vulnerability which revealed sensitive or excessive information to users.
network
low complexity
solarwinds CWE-755
7.5
7.5
2023-04-25 CVE-2023-23838 Path Traversal vulnerability in Solarwinds Database Performance Analyzer
Directory traversal and file enumeration vulnerability which allowed users to enumerate to different folders of the server.
network
low complexity
solarwinds CWE-22
6.5
6.5
2023-01-20 CVE-2022-38110 Cross-site Scripting vulnerability in Solarwinds Database Performance Analyzer
In Database Performance Analyzer (DPA) 2022.4 and older releases, certain URL vectors are susceptible to authenticated reflected cross-site scripting.
network
low complexity
solarwinds CWE-79
5.4
5.4
2023-01-20 CVE-2022-38112 Cleartext Storage of Sensitive Information vulnerability in Solarwinds Database Performance Analyzer
In DPA 2022.4 and older releases, generated heap memory dumps contain sensitive information in cleartext.
network
low complexity
solarwinds CWE-312
7.5
7.5
2022-04-21 CVE-2021-35229 Cross-site Scripting vulnerability in Solarwinds products
Cross-site scripting vulnerability is present in Database Performance Monitor 2022.1.7779 and previous versions when using a complex SQL query
network
solarwinds CWE-79
4.3
4.3
2021-10-21 CVE-2021-35228 Cross-site Scripting vulnerability in Solarwinds Database Performance Analyzer 2021.3.7388
This vulnerability occurred due to missing input sanitization for one of the output fields that is extracted from headers on specific section of page causing a reflective cross site scripting attack.
network
high complexity
solarwinds CWE-79
2.6
2.6
2020-12-15 CVE-2018-16243 Cross-site Scripting vulnerability in Solarwinds Database Performance Analyzer 11.1.468/12.0.3074
SolarWinds Database Performance Analyzer (DPA) 11.1.468 and 12.0.3074 have several persistent XSS vulnerabilities, related to logViewer.iwc, centralManage.cen, userAdministration.iwc, database.iwc, alertManagement.iwc, eventAnnotations.iwc, and central.cen.
network
solarwinds CWE-79
3.5
3.5
2019-08-14 CVE-2018-19386 Cross-site Scripting vulnerability in Solarwinds Database Performance Analyzer 11.1.457
SolarWinds Database Performance Analyzer 11.1.457 contains an instance of Reflected XSS in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iwc/idcStateError.iwc?page= URI.
network
solarwinds CWE-79
4.3
4.3