Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:solarwinds:database_performance_analyzer:12.0.3074:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-33231 |
XSS attack was possible in DPA 2023.2 due to insufficient input validation Published: July 18, 2023; 1:15:11 PM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-23838 |
Directory traversal and file enumeration vulnerability which allowed users to enumerate to different folders of the server. Published: April 25, 2023; 2:15:09 PM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2023-23837 |
No exception handling vulnerability which revealed sensitive or excessive information to users. Published: April 25, 2023; 2:15:09 PM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2022-38112 |
In DPA 2022.4 and older releases, generated heap memory dumps contain sensitive information in cleartext. Published: January 20, 2023; 1:15:10 PM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2022-38110 |
In Database Performance Analyzer (DPA) 2022.4 and older releases, certain URL vectors are susceptible to authenticated reflected cross-site scripting. Published: January 20, 2023; 1:15:10 PM -0500 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2021-35229 |
Cross-site scripting vulnerability is present in Database Performance Monitor 2022.1.7779 and previous versions when using a complex SQL query Published: April 21, 2022; 3:15:08 PM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-16243 |
SolarWinds Database Performance Analyzer (DPA) 11.1.468 and 12.0.3074 have several persistent XSS vulnerabilities, related to logViewer.iwc, centralManage.cen, userAdministration.iwc, database.iwc, alertManagement.iwc, eventAnnotations.iwc, and central.cen. Published: December 15, 2020; 6:15:12 PM -0500 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |