U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:solarwinds:database_performance_analyzer:2021.3.7388:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 7 matching records.
Displaying matches 1 through 7.
Vuln ID Summary CVSS Severity
CVE-2023-33231

XSS attack was possible in DPA 2023.2 due to insufficient input validation

Published: July 18, 2023; 1:15:11 PM -0400 		V4.0:(not available)
 V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-23838

Directory traversal and file enumeration vulnerability which allowed users to enumerate to different folders of the server.

Published: April 25, 2023; 2:15:09 PM -0400 		V4.0:(not available)
 V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2023-23837

No exception handling vulnerability which revealed sensitive or excessive information to users.

Published: April 25, 2023; 2:15:09 PM -0400 		V4.0:(not available)
 V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2022-38112

In DPA 2022.4 and older releases, generated heap memory dumps contain sensitive information in cleartext.

Published: January 20, 2023; 1:15:10 PM -0500 		V4.0:(not available)
 V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2022-38110

In Database Performance Analyzer (DPA) 2022.4 and older releases, certain URL vectors are susceptible to authenticated reflected cross-site scripting.

Published: January 20, 2023; 1:15:10 PM -0500 		V4.0:(not available)
 V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2021-35229

Cross-site scripting vulnerability is present in Database Performance Monitor 2022.1.7779 and previous versions when using a complex SQL query

Published: April 21, 2022; 3:15:08 PM -0400 		V4.0:(not available)
 V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2021-35228

This vulnerability occurred due to missing input sanitization for one of the output fields that is extracted from headers on specific section of page causing a reflective cross site scripting attack. An attacker would need to perform a Man in the Middle attack in order to change header for a remote victim.

Published: October 21, 2021; 2:15:10 PM -0400 		V4.0:(not available)
 V3.1: 4.7 MEDIUM
V2.0: 2.6 LOW