cvebase

SolarWinds Database Performance Analyzer vulnerabilities

11 known vulnerabilities affecting solarwinds/database_performance_analyzer.

Total CVEs: 11
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 9

Vulnerabilities

CVE-2018-19386 | P3 | MEDIUM | CVSS 6.1 | PoC | v11.1.457 | 2019-08-14
CVE-2018-19386 [MEDIUM] CWE-79: SolarWinds Database Performance Analyzer 11.1.457 contains an instance of Reflected XSS in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iwc/idcStateError.iwc?page= URI.
nvd
CVE-2023-23837 | P3 | HIGH | CVSS 7.5 | fixed in 2023.2 | v2022.3 and previous versions | 2023-04-25
CVE-2023-23837 [HIGH] CWE-755: No exception handling vulnerability which revealed sensitive or excessive information to users.
nvd
CVE-2022-38112 | P3 | HIGH | CVSS 7.5 | ≤ 2022.4 | ≥ SolarWinds, ≤ 2022.4 | 2023-01-20
CVE-2022-38112 [HIGH] CWE-312: In DPA 2022.4 and older releases, generated heap memory dumps contain sensitive information in cleartext.
nvd
CVE-2023-23838 | P3 | MEDIUM | CVSS 6.5 | fixed in 2023.2 | v2022.3 and previous versions | 2023-04-25
CVE-2023-23838 [MEDIUM] CWE-22: Directory traversal and file enumeration vulnerability which allowed users to enumerate to different folders of the server.
nvd
CVE-2021-35229 | P4 | MEDIUM | CVSS 6.1 | fixed in 2022.2 | 2022-04-21
CVE-2021-35229 [MEDIUM] CWE-79: Cross-site scripting vulnerability is present in Database Performance Monitor 2022.1.7779 and previous versions when using a complex SQL query.
nvd
CVE-2025-26398 | P4 | MEDIUM | CVSS 6.4 | fixed in 2025.3 | v2025.2 and below | 2025-08-12
CVE-2025-26398 [MEDIUM] CWE-798: SolarWinds Database Performance Analyzer was found to contain a hard-coded cryptographic key. If exploited, this vulnerability could lead to a machine-in-the-middle (MITM) attack against users. This vulnerability requires additional software not installed by default, local access to the server and administrator level privileges on the host.
nvd
CVE-2023-33231 | P4 | MEDIUM | CVSS 6.1 | fixed in 2023.2.100 | 2023-07-18
CVE-2023-33231 [MEDIUM] CWE-79: XSS attack was possible in DPA 2023.2 due to insufficient input validation.
nvd
CVE-2018-16243 | P4 | MEDIUM | CVSS 5.4 | v11.1.468 | v12.0.3074 | 2020-12-15
CVE-2018-16243 [MEDIUM] CWE-79: SolarWinds Database Performance Analyzer (DPA) 11.1.468 and 12.0.3074 have several persistent XSS vulnerabilities, related to logViewer.iwc, centralManage.cen, userAdministration.iwc, database.iwc, alertManagement.iwc, eventAnnotations.iwc, and central.cen.
nvd
CVE-2026-28322 | P4 | MEDIUM | CVSS 5.6 | v2026.1 and below | 2026-06-30
CVE-2026-28322 [MEDIUM] CWE-20: SolarWinds Database Performance Analyzer was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution.
nvd
CVE-2022-38110 | P4 | MEDIUM | CVSS 5.4 | ≤ 2022.4 | ≥ SolarWinds, ≤ 2022.4 | 2023-01-20
CVE-2022-38110 [MEDIUM] CWE-79: In Database Performance Analyzer (DPA) 2022.4 and older releases, certain URL vectors are susceptible to authenticated reflected cross-site scripting.
nvd
CVE-2021-35228 | P4 | MEDIUM | CVSS 4.7 | v2021.3.7388 | 2021-10-21
CVE-2021-35228 [MEDIUM] CWE-79: This vulnerability occurred due to missing input sanitization for one of the output fields that is extracted from headers on specific section of page causing a reflective cross site scripting attack. An attacker would need to perform a Man in the Middle attack in order to change header for a remote victim.
nvd