CVEs (10)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
1Solarwinds 1Database Performance Analyzer Nov 17, 2025 Aug 12, 2025 N/A· v4 6.4 MEDIUM· v3 N/A· v2 SolarWinds Database Performance Analyzer was found to contain a hard-coded cryptographic key. If exploited, this vulnerability could lead to a machine-in-the-middle (MITM) attack against users. This vulnerability require...Show more |
1Solarwinds 1Database Performance Analyzer Nov 21, 2024 Jul 18, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 XSS attack was possible in DPA 2023.2 due to insufficient input validation |
1Solarwinds 1Database Performance Analyzer Feb 4, 2025 Apr 25, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Directory traversal and file enumeration vulnerability which allowed users to enumerate to different folders of the server.
|
1Solarwinds 1Database Performance Analyzer Feb 4, 2025 Apr 25, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 No exception handling vulnerability which revealed sensitive or excessive information to users.
|
1Solarwinds 1Database Performance Analyzer Nov 21, 2024 Jan 20, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 In DPA 2022.4 and older releases, generated heap memory dumps contain sensitive information in cleartext.
|
1Solarwinds 1Database Performance Analyzer Nov 21, 2024 Jan 20, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 In Database Performance Analyzer (DPA) 2022.4 and older releases, certain URL vectors are susceptible to authenticated reflected cross-site scripting.
|
1Solarwinds 2Database Performance Analyzer Database Performance MonitorNov 21, 2024 Apr 21, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross-site scripting vulnerability is present in Database Performance Monitor 2022.1.7779 and previous versions when using a complex SQL query |
1Solarwinds 1Database Performance Analyzer Nov 21, 2024 Oct 21, 2021 N/A· v4 4.7 MEDIUM· v3 2.6 LOW· v2 This vulnerability occurred due to missing input sanitization for one of the output fields that is extracted from headers on specific section of page causing a reflective cross site scripting attack. An attacker would ne...Show more |
1Solarwinds 1Database Performance Analyzer Nov 21, 2024 Dec 15, 2020 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 SolarWinds Database Performance Analyzer (DPA) 11.1.468 and 12.0.3074 have several persistent XSS vulnerabilities, related to logViewer.iwc, centralManage.cen, userAdministration.iwc, database.iwc, alertManagement.iwc, e...Show more |
1Solarwinds 1Database Performance Analyzer Nov 21, 2024 Aug 14, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 SolarWinds Database Performance Analyzer 11.1.457 contains an instance of Reflected XSS in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iw...Show more |