5 matches found
CVE-2021-35229
CVE-2021-35229 is a cross-site scripting vulnerability in SolarWinds Database Performance Monitor (DPM) 2022.1.7779 and earlier when handling complex SQL queries. The CVE entries in NVD describe impact to confidentiality and integrity (C/L) with network attack vector and variable user interaction...
CVE-2023-23837
CVE-2023-23837 relates to SolarWinds Database Performance Analyzer (DPA). Affected: DPA 2023.1 and earlier; root cause: absence of proper exception handling leading to disclosure of sensitive or excessive information to users. Reported impact: high confidentiality impact with no integrity or avai...
CVE-2023-33231
CVE-2023-33231 applies to SolarWinds Database Performance Analyzer 2023.2, where XSS is caused by insufficient input validation in the web UI. The issue is tracked across multiple feeds; CVSS 3.1 base score 6.1 (MEDIUM), attack vector Network, user interaction Required, scope Changed. Connected a...
CVE-2023-23838
CVE-2023-23838 affects SolarWinds Database Performance Analyzer (DPA) up to version 2022.3 and earlier, described as a directory traversal and file enumeration vulnerability that could allow access to different folders on the server. Various sources corroborate the vulnerability in DPA (2023.1/ea...
CVE-2025-26398
CVE-2025-26398 is documented as a vulnerability in SolarWinds Database Performance Analyzer where a hard-coded cryptographic key exists. According to the sources, exploitation could enable a local attacker with administrator privileges (and with access to the host where the additional software is...