Solarwinds Database_performance_analyzer

10 CVEs affecting Solarwinds Database_performance_analyzer. Latest disclosed: 2025-08-12. Critical: 0, High: 2.

Top CVEs affecting Solarwinds Database_performance_analyzer
CVESeverityScorePublishedSummary
CVE-2023-23837High7.52023-04-25No exception handling vulnerability which revealed sensitive or excessive information to users.
CVE-2022-38112High7.52023-01-20In DPA 2022.4 and older releases, generated heap memory dumps contain sensitive information in cleartext.
CVE-2021-35229Medium6.82022-04-21Cross-site scripting vulnerability is present in Database Performance Monitor 2022.1.7779 and previous versions when using a complex SQL query
CVE-2023-23838Medium6.52023-04-25Directory traversal and file enumeration vulnerability which allowed users to enumerate to different folders of the server.
CVE-2023-33231Medium6.12023-07-18XSS attack was possible in DPA 2023.2 due to insufficient input validation
CVE-2018-19386Medium6.12019-08-14SolarWinds Database Performance Analyzer 11.1.457 contains an instance of Reflected XSS in its idcStateError component, where the page parameter is reflected i…
CVE-2025-26398Medium5.62025-08-12SolarWinds Database Performance Analyzer was found to contain a hard-coded cryptographic key. If exploited, this vulnerability could lead to a machine-in-the-m…
CVE-2021-35228Medium5.52021-10-21This vulnerability occurred due to missing input sanitization for one of the output fields that is extracted from headers on specific section of page causing a…
CVE-2022-38110Medium5.42023-01-20In Database Performance Analyzer (DPA) 2022.4 and older releases, certain URL vectors are susceptible to authenticated reflected cross-site scripting.
CVE-2018-16243Medium5.42020-12-15SolarWinds Database Performance Analyzer (DPA) 11.1.468 and 12.0.3074 have several persistent XSS vulnerabilities, related to logViewer.iwc, centralManage.cen…