7 results (0.005 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

XSS attack was possible in DPA 2023.2 due to insufficient input validation • https://documentation.solarwinds.com/en/success_center/dpa/content/release_notes/dpa_2023-2-100_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-33231 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

No exception handling vulnerability which revealed sensitive or excessive information to users. • https://documentation.solarwinds.com/en/success_center/dpa/content/release_notes/dpa_2023-2_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/cve-2023-23837 • CWE-755: Improper Handling of Exceptional Conditions •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0

Directory traversal and file enumeration vulnerability which allowed users to enumerate to different folders of the server. • https://documentation.solarwinds.com/en/success_center/dpa/content/release_notes/dpa_2023-2_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/cve-2023-23838 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

In Database Performance Analyzer (DPA) 2022.4 and older releases, certain URL vectors are susceptible to authenticated reflected cross-site scripting. • https://documentation.solarwinds.com/en/success_center/dpa/content/release_notes/dpa_2023-1_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-38110 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

In DPA 2022.4 and older releases, generated heap memory dumps contain sensitive information in cleartext. En DPA 2022.4 y versiones anteriores, los volcados de memoria del montón generados contienen información sensible en texto no cifrado. • https://documentation.solarwinds.com/en/success_center/dpa/content/release_notes/dpa_2023-1_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-38112 • CWE-312: Cleartext Storage of Sensitive Information •