Solarwinds Database Performance Analyzer

10 matches found

CVE | added 2019/08/14 7:30 p.m. | 74 views

CVE-2018-19386

SolarWinds Database Performance Analyzer 11.1.457 contains a reflected XSS in idcStateError where the page parameter is reflected into the HREF of the “Try Again” button at /iwc/idcStateError.iwc?page=. Exploitation would execute script in the victim’s browser, potentially enabling session hijack...

CVSS 6.1 | AI score 6 | EPSS 0.09044
Web

CVE | added 2022/04/21 6:18 p.m. | 71 views

CVE-2021-35229

CVE-2021-35229 is a cross-site scripting vulnerability in SolarWinds Database Performance Monitor (DPM) 2022.1.7779 and earlier when handling complex SQL queries. The CVE entries in NVD describe impact to confidentiality and integrity (C/L) with network attack vector and variable user interaction...

CVSS 6.8 | AI score 6.4 | EPSS 0.02982

CVE | added 2023/01/20 12:0 a.m. | 55 views

CVE-2022-38110

SolarWinds Database Performance Analyzer (DPA) versions 2022.4 and older are vulnerable to authenticated reflected cross‑site scripting via certain URL vectors. The root cause is exposure of URL handling that can reflect input back to authenticated users, enabling XSS within affected sessions. Af...

CVSS 5.4 | AI score 5.2 | EPSS 0.00398

CVE | added 2023/01/20 12:0 a.m. | 55 views

CVE-2022-38112

CVE-2022-38112 affects SolarWinds Database Performance Analyzer (DPA) versions 2022.4 and earlier. The underlying issue is that generated heap memory dumps disclose sensitive information in cleartext, impacting confidentiality (NVD/CVSS base 7.5 HIGH). The NCSC advisory notes fixes in DPA 2023.1;...

CVSS 7.5 | AI score 7.4 | EPSS 0.00412

CVE | added 2023/04/25 12:0 a.m. | 55 views

CVE-2023-23837

CVE-2023-23837 relates to SolarWinds Database Performance Analyzer (DPA). Affected: DPA 2023.1 and earlier; root cause: absence of proper exception handling leading to disclosure of sensitive or excessive information to users. Reported impact: high confidentiality impact with no integrity or avai...

CVSS 7.5 | AI score 7.4 | EPSS 0.00809

CVE | added 2023/07/18 4:50 p.m. | 54 views

CVE-2023-33231

CVE-2023-33231 applies to SolarWinds Database Performance Analyzer 2023.2, where XSS is caused by insufficient input validation in the web UI. The issue is tracked across multiple feeds; CVSS 3.1 base score 6.1 (MEDIUM), attack vector Network, user interaction Required, scope Changed. Connected a...

CVSS 6.1 | AI score 6 | EPSS 0.00455

CVE | added 2023/04/25 12:0 a.m. | 48 views

CVE-2023-23838

CVE-2023-23838 affects SolarWinds Database Performance Analyzer (DPA) up to version 2022.3 and earlier, described as a directory traversal and file enumeration vulnerability that could allow access to different folders on the server. Various sources corroborate the vulnerability in DPA (2023.1/ea...

CVSS 6.5 | AI score 6.5 | EPSS 0.01272

CVE | added 2020/12/15 10:31 p.m. | 45 views

CVE-2018-16243

SolarWinds Database Performance Analyzer (DPA) versions 11.1.468 and 12.0.3074 contain persistent cross-site scripting (XSS) vulnerabilities. Affected components include logViewer.iwc, centralManage.cen, userAdministration.iwc, database.iwc, alertManagement.iwc, eventAnnotations.iwc, and central....

CVSS 5.4 | AI score 5.2 | EPSS 0.01359

CVE | added 2021/10/21 5:43 p.m. | 43 views

CVE-2021-35228

CVE-2021-35228 affects SolarWinds Database Performance Analyzer (DPA) in version 2021.3.7388, due to missing input sanitization of a header-extracted output field, enabling a reflected XSS if an attacker can perform a MITM to modify a header. The vulnerability is described as a reflect...

CVSS 5.5 | AI score 4.7 | EPSS 0.00558

CVE | added 2025/08/12 8:10 a.m. | 19 views

CVE-2025-26398

CVE-2025-26398 is documented as a vulnerability in SolarWinds Database Performance Analyzer where a hard-coded cryptographic key exists. According to the sources, exploitation could enable a local attacker with administrator privileges (and with access to the host where the additional software is...

CVSS 6.4 | AI score 7 | EPSS 0.00169