Solarwinds: >> Database Performance Analyzer >> 11.1.457 Security Vulnerabilities
XSS attack was possible in DPA 2023.2 due to insufficient input validation
CVSS Score
6.1
EPSS Score
0.005
Published
2023-07-18
No exception handling vulnerability which revealed sensitive or excessive information to users.
CVSS Score
7.5
EPSS Score
0.005
Published
2023-04-25
Directory traversal and file enumeration vulnerability which allowed users to enumerate to different folders of the server.
CVSS Score
6.5
EPSS Score
0.008
Published
2023-04-25
In Database Performance Analyzer (DPA) 2022.4 and older releases, certain URL vectors are susceptible to authenticated reflected cross-site scripting.
CVSS Score
5.4
EPSS Score
0.008
Published
2023-01-20
In DPA 2022.4 and older releases, generated heap memory dumps contain sensitive information in cleartext.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-01-20
Cross-site scripting vulnerability is present in Database Performance Monitor 2022.1.7779 and previous versions when using a complex SQL query
CVSS Score
6.8
EPSS Score
0.01
Published
2022-04-21
SolarWinds Database Performance Analyzer 11.1.457 contains an instance of Reflected XSS in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iwc/idcStateError.iwc?page= URI.
CVSS Score
6.1
EPSS Score
0.233
Published
2019-08-14