Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Solarwinds Subscribe
Filtered by product Database Performance Analyzer
Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-38110 1 Solarwinds 1 Database Performance Analyzer 2023-01-27 N/A 5.4 MEDIUM
In Database Performance Analyzer (DPA) 2022.4 and older releases, certain URL vectors are susceptible to authenticated reflected cross-site scripting.
CVE-2022-38112 1 Solarwinds 1 Database Performance Analyzer 2023-01-26 N/A 7.5 HIGH
In DPA 2022.4 and older releases, generated heap memory dumps contain sensitive information in cleartext.
CVE-2021-35229 1 Solarwinds 2 Database Performance Analyzer, Database Performance Monitor 2022-05-03 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting vulnerability is present in Database Performance Monitor 2022.1.7779 and previous versions when using a complex SQL query
CVE-2021-35228 1 Solarwinds 1 Database Performance Analyzer 2021-10-26 2.6 LOW 4.7 MEDIUM
This vulnerability occurred due to missing input sanitization for one of the output fields that is extracted from headers on specific section of page causing a reflective cross site scripting attack. An attacker would need to perform a Man in the Middle attack in order to change header for a remote victim.
CVE-2018-16243 1 Solarwinds 1 Database Performance Analyzer 2020-12-17 3.5 LOW 5.4 MEDIUM
SolarWinds Database Performance Analyzer (DPA) 11.1.468 and 12.0.3074 have several persistent XSS vulnerabilities, related to logViewer.iwc, centralManage.cen, userAdministration.iwc, database.iwc, alertManagement.iwc, eventAnnotations.iwc, and central.cen.
CVE-2018-19386 1 Solarwinds 1 Database Performance Analyzer 2019-08-27 4.3 MEDIUM 6.1 MEDIUM
SolarWinds Database Performance Analyzer 11.1.457 contains an instance of Reflected XSS in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iwc/idcStateError.iwc?page= URI.