Shodan
Vulnerabilities
Vulnerable Software
Solarwinds:  >> Database Performance Analyzer  Security Vulnerabilities
CVE-2025-26398
SolarWinds Database Performance Analyzer was found to contain a hard-coded cryptographic key. If exploited, this vulnerability could lead to a machine-in-the-middle (MITM) attack against users. This vulnerability requires additional software not installed by default, local access to the server and administrator level privileges on the host.
CVSS Score
5.6
EPSS Score
0.0
Published
2025-08-12
CVE-2023-33231
XSS attack was possible in DPA 2023.2 due to insufficient input validation
CVSS Score
6.1
EPSS Score
0.005
Published
2023-07-18
CVE-2023-23837
No exception handling vulnerability which revealed sensitive or excessive information to users.
CVSS Score
7.5
EPSS Score
0.005
Published
2023-04-25
CVE-2023-23838
Directory traversal and file enumeration vulnerability which allowed users to enumerate to different folders of the server.
CVSS Score
6.5
EPSS Score
0.008
Published
2023-04-25
CVE-2022-38110
In Database Performance Analyzer (DPA) 2022.4 and older releases, certain URL vectors are susceptible to authenticated reflected cross-site scripting.
CVSS Score
5.4
EPSS Score
0.008
Published
2023-01-20
CVE-2022-38112
In DPA 2022.4 and older releases, generated heap memory dumps contain sensitive information in cleartext.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-01-20
CVE-2021-35229
Cross-site scripting vulnerability is present in Database Performance Monitor 2022.1.7779 and previous versions when using a complex SQL query
CVSS Score
6.8
EPSS Score
0.008
Published
2022-04-21
CVE-2021-35228
This vulnerability occurred due to missing input sanitization for one of the output fields that is extracted from headers on specific section of page causing a reflective cross site scripting attack. An attacker would need to perform a Man in the Middle attack in order to change header for a remote victim.
CVSS Score
5.5
EPSS Score
0.009
Published
2021-10-21
CVE-2018-16243
SolarWinds Database Performance Analyzer (DPA) 11.1.468 and 12.0.3074 have several persistent XSS vulnerabilities, related to logViewer.iwc, centralManage.cen, userAdministration.iwc, database.iwc, alertManagement.iwc, eventAnnotations.iwc, and central.cen.
CVSS Score
5.4
EPSS Score
0.035
Published
2020-12-15
CVE-2018-19386
SolarWinds Database Performance Analyzer 11.1.457 contains an instance of Reflected XSS in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iwc/idcStateError.iwc?page= URI.
CVSS Score
6.1
EPSS Score
0.233
Published
2019-08-14


Products
Pricing
Contact Us

Shodan ® - All rights reserved