Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
solarwinds database performance analyzer vulnerabilities and exploits
(subscribe to this query)
312
VMScore
CVE-2018-16243
SolarWinds Database Performance Analyzer (DPA) 11.1.468 and 12.0.3074 have several persistent XSS vulnerabilities, related to logViewer.iwc, centralManage.cen, userAdministration.iwc, database.iwc, alertManagement.iwc, eventAnnotations.iwc, and central.cen.
Solarwinds Database Performance Analyzer 12.0.3074
Solarwinds Database Performance Analyzer 11.1.468
383
VMScore
CVE-2021-35229
Cross-site scripting vulnerability is present in Database Performance Monitor 2022.1.7779 and previous versions when using a complex SQL query
Solarwinds Database Performance Analyzer
Solarwinds Database Performance Monitor
NA
CVE-2022-38112
In DPA 2022.4 and older releases, generated heap memory dumps contain sensitive information in cleartext.
Solarwinds Database Performance Analyzer
NA
CVE-2023-23837
No exception handling vulnerability which revealed sensitive or excessive information to users.
Solarwinds Database Performance Analyzer
NA
CVE-2023-23838
Directory traversal and file enumeration vulnerability which allowed users to enumerate to different folders of the server.
Solarwinds Database Performance Analyzer
NA
CVE-2022-38110
In Database Performance Analyzer (DPA) 2022.4 and older releases, certain URL vectors are susceptible to authenticated reflected cross-site scripting.
Solarwinds Database Performance Analyzer
NA
CVE-2023-33231
XSS attack was possible in DPA 2023.2 due to insufficient input validation
Solarwinds Database Performance Analyzer
384
VMScore
CVE-2018-19386
SolarWinds Database Performance Analyzer 11.1.457 contains an instance of Reflected XSS in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iwc/idcStateError.iwc?page= URI.
Solarwinds Database Performance Analyzer 11.1.457
231
VMScore
CVE-2021-35228
This vulnerability occurred due to missing input sanitization for one of the output fields that is extracted from headers on specific section of page causing a reflective cross site scripting attack. An attacker would need to perform a Man in the Middle attack in order to change ...
Solarwinds Database Performance Analyzer 2021.3.7388
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30065
CVE-2024-5843
CVE-2024-30080
code execution
CVE-2024-4577
CVE-2024-26169
wireless
remote code execution
CVE-2024-36103
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started