10 matches found
CVE-2018-19386
SolarWinds Database Performance Analyzer 11.1.457 contains a reflected XSS in idcStateError where the page parameter is reflected into the HREF of the “Try Again” button at /iwc/idcStateError.iwc?page=. Exploitation would execute script in the victim’s browser, potentially enabling session hijack...
CVE-2021-35229
CVE-2021-35229 is a cross-site scripting vulnerability in SolarWinds Database Performance Monitor (DPM) 2022.1.7779 and earlier when handling complex SQL queries. The CVE entries in NVD describe impact to confidentiality and integrity (C/L) with network attack vector and variable user interaction...
CVE-2022-38110
SolarWinds Database Performance Analyzer (DPA) versions 2022.4 and older are vulnerable to authenticated reflected cross‑site scripting via certain URL vectors. The root cause is exposure of URL handling that can reflect input back to authenticated users, enabling XSS within affected sessions. Af...
CVE-2022-38112
CVE-2022-38112 affects SolarWinds Database Performance Analyzer (DPA) versions 2022.4 and earlier. The underlying issue is that generated heap memory dumps disclose sensitive information in cleartext, impacting confidentiality (NVD/CVSS base 7.5 HIGH). The NCSC advisory notes fixes in DPA 2023.1;...
CVE-2023-23837
CVE-2023-23837 relates to SolarWinds Database Performance Analyzer (DPA). Affected: DPA 2023.1 and earlier; root cause: absence of proper exception handling leading to disclosure of sensitive or excessive information to users. Reported impact: high confidentiality impact with no integrity or avai...
CVE-2023-33231
CVE-2023-33231 applies to SolarWinds Database Performance Analyzer 2023.2, where XSS is caused by insufficient input validation in the web UI. The issue is tracked across multiple feeds; CVSS 3.1 base score 6.1 (MEDIUM), attack vector Network, user interaction Required, scope Changed. Connected a...
CVE-2023-23838
CVE-2023-23838 affects SolarWinds Database Performance Analyzer (DPA) version 2022.3 and earlier, described as a directory traversal and file enumeration vulnerability that could allow access to different folders on the server. Various sources corroborate the vulnerability in DPA (2023.1/ea...
CVE-2018-16243
SolarWinds Database Performance Analyzer (DPA) versions 11.1.468 and 12.0.3074 contain persistent cross-site scripting (XSS) vulnerabilities. Affected components include logViewer.iwc, centralManage.cen, userAdministration.iwc, database.iwc, alertManagement.iwc, eventAnnotations.iwc, and central....
CVE-2021-35228
CVE-2021-35228 affects SolarWinds Database Performance Analyzer (DPA) version 2021.3.7388. Missing input sanitization of an output field extracted from a header enables reflected XSS if an attacker can perform a MITM to modify the header. The vulnerability is described as a reflect...
CVE-2025-26398
CVE-2025-26398 is documented as a vulnerability in SolarWinds Database Performance Analyzer where a hard-coded cryptographic key exists. According to the sources, exploitation could enable a local attacker with administrator privileges (and with access to the host where the additional software is...