
CVE-2023-33231 – XSS in SolarWinds Database Performance Analyzer 2023.2
https://notcve.org/view.php?id=CVE-2023-33231
18 Jul 2023 — An XSS attack was possible in DPA 2023.2 due to insufficient input validation. • https://documentation.solarwinds.com/en/success_center/dpa/content/release_notes/dpa_2023-2-100_release_notes.htm • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-23838 – Directory traversal and file enumeration vulnerability: Database Performance Analyzer (DPA) 2023.1
https://notcve.org/view.php?id=CVE-2023-23838
25 Apr 2023 — A directory traversal and file enumeration vulnerability allowed users to enumerate different folders on the server. • https://documentation.solarwinds.com/en/success_center/dpa/content/release_notes/dpa_2023-2_release_notes.htm • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2023-23837 – No Exception Handling Vulnerability: Database Performance Analyzer (DPA) 2023.1
https://notcve.org/view.php?id=CVE-2023-23837
25 Apr 2023 — A lack of exception handling revealed sensitive or excessive information to users. • https://documentation.solarwinds.com/en/success_center/dpa/content/release_notes/dpa_2023-2_release_notes.htm • CWE-209: Generation of Error Message Containing Sensitive Information • CWE-755: Improper Handling of Exceptional Conditions •

CVE-2022-38110 – Reflected Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2022-38110
20 Jan 2023 — In Database Performance Analyzer (DPA) 2022.4 and older releases, certain URL vectors are susceptible to authenticated reflected cross-site scripting. • https://documentation.solarwinds.com/en/success_center/dpa/content/release_notes/dpa_2023-1_release_notes.htm • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2022-38112 – Sensitive Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-38112
20 Jan 2023 — In DPA 2022.4 and older releases, generated heap memory dumps contain sensitive information in cleartext. • https://documentation.solarwinds.com/en/success_center/dpa/content/release_notes/dpa_2023-1_release_notes.htm • CWE-312: Cleartext Storage of Sensitive Information •

CVE-2021-35229 – Cross-Site Scripting Vulnerability using SQL Query
https://notcve.org/view.php?id=CVE-2021-35229
21 Apr 2022 — A cross-site scripting vulnerability is present in Database Performance Monitor 2022.1.7779 and previous versions when using a complex SQL query. • https://documentation.solarwinds.com/en/success_center/dpa/content/release_notes/dpa_2022-2_release_notes.htm • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2018-16243
https://notcve.org/view.php?id=CVE-2018-16243
15 Dec 2020 — SolarWinds Database Performance Analyzer (DPA) 11.1.468 and 12.0.3074 have several persistent XSS vulnerabilities, related to logViewer.iwc, centralManage.cen, userAdministration.iwc, database.iwc, alertManagement.iwc, eventAnnotations.iwc, and central.cen. • https://gist.github.com/james-otten/d3ee2f0fccc3b87aafe1616a6c2c2d4e • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •