Solarwinds Database_performance_analyzer
10 CVEs affecting Solarwinds Database_performance_analyzer. Latest disclosed: 2025-08-12. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-23837 | High | 7.5 | 2023-04-25 | No exception handling vulnerability which revealed sensitive or excessive information to users. |
| CVE-2022-38112 | High | 7.5 | 2023-01-20 | In DPA 2022.4 and older releases, generated heap memory dumps contain sensitive information in cleartext. |
| CVE-2021-35229 | Medium | 6.8 | 2022-04-21 | Cross-site scripting vulnerability is present in Database Performance Monitor 2022.1.7779 and previous versions when using a complex SQL query |
| CVE-2023-23838 | Medium | 6.5 | 2023-04-25 | Directory traversal and file enumeration vulnerability which allowed users to enumerate to different folders of the server. |
| CVE-2023-33231 | Medium | 6.1 | 2023-07-18 | XSS attack was possible in DPA 2023.2 due to insufficient input validation |
| CVE-2018-19386 | Medium | 6.1 | 2019-08-14 | SolarWinds Database Performance Analyzer 11.1.457 contains an instance of Reflected XSS in its idcStateError component, where the page parameter is reflected i… |
| CVE-2025-26398 | Medium | 5.6 | 2025-08-12 | SolarWinds Database Performance Analyzer was found to contain a hard-coded cryptographic key. If exploited, this vulnerability could lead to a machine-in-the-m… |
| CVE-2021-35228 | Medium | 5.5 | 2021-10-21 | This vulnerability occurred due to missing input sanitization for one of the output fields that is extracted from headers on specific section of page causing a… |
| CVE-2022-38110 | Medium | 5.4 | 2023-01-20 | In Database Performance Analyzer (DPA) 2022.4 and older releases, certain URL vectors are susceptible to authenticated reflected cross-site scripting. |
| CVE-2018-16243 | Medium | 5.4 | 2020-12-15 | SolarWinds Database Performance Analyzer (DPA) 11.1.468 and 12.0.3074 have several persistent XSS vulnerabilities, related to logViewer.iwc, centralManage.cen… |