Vulnerabilities > Solarwinds > Database Performance Analyzer > 2021.3.7438

DATE CVE VULNERABILITY TITLE RISK
2023-07-18 CVE-2023-33231 Cross-site Scripting vulnerability in Solarwinds Database Performance Analyzer
XSS attack was possible in DPA 2023.2 due to insufficient input validation
network
low complexity
solarwinds CWE-79
6.1
6.1
2023-04-25 CVE-2023-23837 Improper Handling of Exceptional Conditions vulnerability in Solarwinds Database Performance Analyzer
No exception handling vulnerability which revealed sensitive or excessive information to users.
network
low complexity
solarwinds CWE-755
7.5
7.5
2023-04-25 CVE-2023-23838 Path Traversal vulnerability in Solarwinds Database Performance Analyzer
Directory traversal and file enumeration vulnerability which allowed users to enumerate to different folders of the server.
network
low complexity
solarwinds CWE-22
6.5
6.5
2023-01-20 CVE-2022-38110 Cross-site Scripting vulnerability in Solarwinds Database Performance Analyzer
In Database Performance Analyzer (DPA) 2022.4 and older releases, certain URL vectors are susceptible to authenticated reflected cross-site scripting.
network
low complexity
solarwinds CWE-79
5.4
5.4
2023-01-20 CVE-2022-38112 Cleartext Storage of Sensitive Information vulnerability in Solarwinds Database Performance Analyzer
In DPA 2022.4 and older releases, generated heap memory dumps contain sensitive information in cleartext.
network
low complexity
solarwinds CWE-312
7.5
7.5
2022-04-21 CVE-2021-35229 Cross-site Scripting vulnerability in Solarwinds products
Cross-site scripting vulnerability is present in Database Performance Monitor 2022.1.7779 and previous versions when using a complex SQL query
network
solarwinds CWE-79
4.3
4.3