) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
Search Parameters:
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:solarwinds:database_performance_analyzer:2021.3.7438:*:*:*:*:*:*:*
- CPE Name Search: true
There are 6 matching records.
Displaying matches 1 through 6.
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2023-33231 |
XSS attack was possible in DPA 2023.2 due to insufficient input validation Published: July 18, 2023; 1:15:11 PM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available) |
| CVE-2023-23838 |
Directory traversal and file enumeration vulnerability which allowed users to enumerate to different folders of the server. Published: April 25, 2023; 2:15:09 PM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0:(not available) |
| CVE-2023-23837 |
No exception handling vulnerability which revealed sensitive or excessive information to users. Published: April 25, 2023; 2:15:09 PM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
| CVE-2022-38112 |
In DPA 2022.4 and older releases, generated heap memory dumps contain sensitive information in cleartext. Published: January 20, 2023; 1:15:10 PM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
| CVE-2022-38110 |
In Database Performance Analyzer (DPA) 2022.4 and older releases, certain URL vectors are susceptible to authenticated reflected cross-site scripting. Published: January 20, 2023; 1:15:10 PM -0500 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0:(not available) |
| CVE-2021-35229 |
Cross-site scripting vulnerability is present in Database Performance Monitor 2022.1.7779 and previous versions when using a complex SQL query Published: April 21, 2022; 3:15:08 PM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |