
CVE-2023-33231 – XSS in SolarWinds Database Performance Analyzer 2023.2
https://notcve.org/view.php?id=CVE-2023-33231
18 Jul 2023 — An XSS attack was possible in DPA 2023.2 due to insufficient input validation. • https://documentation.solarwinds.com/en/success_center/dpa/content/release_notes/dpa_2023-2-100_release_notes.htm • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-23838 – Directory traversal and file enumeration vulnerability: Database Performance Analyzer (DPA) 2023.1
https://notcve.org/view.php?id=CVE-2023-23838
25 Apr 2023 — Directory traversal and file enumeration vulnerability which allowed users to enumerate to different folders of the server. • https://documentation.solarwinds.com/en/success_center/dpa/content/release_notes/dpa_2023-2_release_notes.htm • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2023-23837 – No Exception Handling Vulnerability: Database Performance Analyzer (DPA) 2023.1
https://notcve.org/view.php?id=CVE-2023-23837
25 Apr 2023 — No exception handling vulnerability which revealed sensitive or excessive information to users. • https://documentation.solarwinds.com/en/success_center/dpa/content/release_notes/dpa_2023-2_release_notes.htm • CWE-209: Generation of Error Message Containing Sensitive Information • CWE-755: Improper Handling of Exceptional Conditions •

CVE-2022-38110 – Reflected Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2022-38110
20 Jan 2023 — In Database Performance Analyzer (DPA) 2022.4 and older releases, certain URL vectors are susceptible to authenticated reflected cross-site scripting. • https://documentation.solarwinds.com/en/success_center/dpa/content/release_notes/dpa_2023-1_release_notes.htm • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2022-38112 – Sensitive Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-38112
20 Jan 2023 — In DPA 2022.4 and older releases, generated heap memory dumps contain sensitive information in cleartext. • https://documentation.solarwinds.com/en/success_center/dpa/content/release_notes/dpa_2023-1_release_notes.htm • CWE-312: Cleartext Storage of Sensitive Information •

CVE-2021-35229 – Cross-Site Scripting Vulnerability using SQL Query
https://notcve.org/view.php?id=CVE-2021-35229
21 Apr 2022 — A cross-site scripting vulnerability is present in Database Performance Monitor 2022.1.7779 and previous versions when using a complex SQL query. • https://documentation.solarwinds.com/en/success_center/dpa/content/release_notes/dpa_2022-2_release_notes.htm • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2021-35228 – Reflected cross site scripting affecting SolarWinds: DPA 2021.3.7388
https://notcve.org/view.php?id=CVE-2021-35228
21 Oct 2021 — This vulnerability occurred due to missing input sanitization for one of the output fields that is extracted from headers on a specific section of the page, causing a reflected cross-site scripting attack. An attacker would need to perform a man-in-the-middle attack in order to change the header for a remote victim. • https://documentation.solarwinds.com/en/success_center/dpa/content/release_notes/dpa_2021-3-7438_release_notes.htm • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2018-16243
https://notcve.org/view.php?id=CVE-2018-16243
15 Dec 2020 — SolarWinds Database Performance Analyzer (DPA) 11.1.468 and 12.0.3074 have several persistent XSS vulnerabilities, related to logViewer.iwc, centralManage.cen, userAdministration.iwc, database.iwc, alertManagement.iwc, eventAnnotations.iwc, and central.cen. • https://gist.github.com/james-otten/d3ee2f0fccc3b87aafe1616a6c2c2d4e • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2018-19386
https://notcve.org/view.php?id=CVE-2018-19386
14 Aug 2019 — SolarWinds Database Performance Analyzer 11.1.457 contains an instance of Reflected XSS in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iwc/idcStateError.iwc?page= URI. • https://i.imgur.com/Y7t2AD6.png • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •