Vulnerabilities
Vulnerable Software
An XSS attack was possible in DPA 2023.2 due to insufficient input validation.
CVSS Score
6.1
EPSS Score
0.005
Published
2023-07-18
Missing exception handling revealed sensitive or excessive information to users.
CVSS Score
7.5
EPSS Score
0.005
Published
2023-04-25
A directory traversal and file enumeration vulnerability allowed users to enumerate different folders of the server.
CVSS Score
6.5
EPSS Score
0.008
Published
2023-04-25
In Database Performance Analyzer (DPA) 2022.4 and older releases, certain URL vectors are susceptible to authenticated reflected cross-site scripting.
CVSS Score
5.4
EPSS Score
0.008
Published
2023-01-20
In DPA 2022.4 and older releases, generated heap memory dumps contain sensitive information in cleartext.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-01-20
A cross-site scripting vulnerability is present in Database Performance Monitor 2022.1.7779 and previous versions when using a complex SQL query.
CVSS Score
6.8
EPSS Score
0.01
Published
2022-04-21
This vulnerability occurred due to missing input sanitization for one of the output fields, which is extracted from headers on a specific section of the page, causing a reflected cross-site scripting attack. An attacker would need to perform a man-in-the-middle attack in order to change the header for a remote victim.
CVSS Score
5.5
EPSS Score
0.009
Published
2021-10-21

