CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-33231 – XSS in SolarWinds Database Performance Analyzer 2023.2
https://notcve.org/view.php?id=CVE-2023-33231
XSS attack was possible in DPA 2023.2 due to insufficient input validation • https://documentation.solarwinds.com/en/success_center/dpa/content/release_notes/dpa_2023-2-100_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-33231 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-23837 – No Exception Handling Vulnerability: Database Performance Analyzer (DPA) 2023.1
https://notcve.org/view.php?id=CVE-2023-23837
No exception handling vulnerability which revealed sensitive or excessive information to users. • https://documentation.solarwinds.com/en/success_center/dpa/content/release_notes/dpa_2023-2_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/cve-2023-23837 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-23838 – Directory traversal and file enumeration vulnerability: Database Performance Analyzer (DPA) 2023.1
https://notcve.org/view.php?id=CVE-2023-23838
Directory traversal and file enumeration vulnerability which allowed users to enumerate to different folders of the server. • https://documentation.solarwinds.com/en/success_center/dpa/content/release_notes/dpa_2023-2_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/cve-2023-23838 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-38112 – Sensitive Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-38112
In DPA 2022.4 and older releases, generated heap memory dumps contain sensitive information in cleartext. En DPA 2022.4 y versiones anteriores, los volcados de memoria del montón generados contienen información sensible en texto no cifrado. • https://documentation.solarwinds.com/en/success_center/dpa/content/release_notes/dpa_2023-1_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-38112 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-38110 – Reflected Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2022-38110
In Database Performance Analyzer (DPA) 2022.4 and older releases, certain URL vectors are susceptible to authenticated reflected cross-site scripting. • https://documentation.solarwinds.com/en/success_center/dpa/content/release_notes/dpa_2023-1_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-38110 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •