Solarwinds Database Performance Analyzer — known CVE vulnerabilities
Every CVE whose affected-product data names Solarwinds Database Performance Analyzer, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2023-23837 — CVSS 7.5 (high): No exception handling vulnerability which revealed sensitive or excessive information to users.
CVE-2022-38112 — CVSS 7.5 (high): In DPA 2022.4 and older releases, generated heap memory dumps contain sensitive information in cleartext.
CVE-2021-35229 — CVSS 6.8 (medium): Cross-site scripting vulnerability is present in Database Performance Monitor 2022.1.7779 and previous versions when using a complex SQL…
CVE-2023-23838 — CVSS 6.5 (medium): Directory traversal and file enumeration vulnerability which allowed users to enumerate to different folders of the server.
CVE-2018-19386 — CVSS 6.1 (medium): SolarWinds Database Performance Analyzer 11.1.457 contains an instance of Reflected XSS in its idcStateError component, where the page…
CVE-2025-26398 — CVSS 5.6 (medium): SolarWinds Database Performance Analyzer was found to contain a hard-coded cryptographic key. If exploited, this vulnerability could lead…
CVE-2021-35228 — CVSS 5.5 (medium): This vulnerability occurred due to missing input sanitization for one of the output fields that is extracted from headers on specific…
CVE-2022-38110 — CVSS 5.4 (medium): In Database Performance Analyzer (DPA) 2022.4 and older releases, certain URL vectors are susceptible to authenticated reflected cross-site…
CVE-2018-16243 — CVSS 5.4 (medium): SolarWinds Database Performance Analyzer (DPA) 11.1.468 and 12.0.3074 have several persistent XSS vulnerabilities, related to…