cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score CVE-2023-23837,https://securityvulnerability.io/vulnerability/CVE-2023-23837,No Exception Handling Vulnerability: Database Performance Analyzer (DPA) 2023.1,"A vulnerability in SolarWinds Database Performance Analyzer has been identified that involves improper exception handling. This flaw can unintentionally expose sensitive or excessive information to users, potentially compromising data integrity and security. Organizations using affected versions should assess their systems and apply relevant security patches to mitigate risks associated with this vulnerability.",Solarwinds,Database Performance Analyzer,7.5,HIGH,0.0020600000862032175,false,,false,false,false,,,false,false,,2023-04-25T00:00:00.000Z,0 CVE-2023-23838,https://securityvulnerability.io/vulnerability/CVE-2023-23838,Directory traversal and file enumeration vulnerability: Database Performance Analyzer (DPA) 2023.1,"Directory traversal and file enumeration vulnerability which allowed users to enumerate to different folders of the server. ",Solarwinds,Database Performance Analyzer,6.5,MEDIUM,0.0006699999794363976,false,,false,false,false,,,false,false,,2023-04-25T00:00:00.000Z,0 CVE-2022-38110,https://securityvulnerability.io/vulnerability/CVE-2022-38110,Reflected Cross-Site Scripting Vulnerability,"In Database Performance Analyzer (DPA) 2022.4 and older releases, certain URL vectors are susceptible to authenticated reflected cross-site scripting. ",Solarwinds,Database Performance Analyzer (dpa),5.4,MEDIUM,0.0005099999834783375,false,,false,false,false,,,false,false,,2023-01-20T00:00:00.000Z,0 CVE-2022-38112,https://securityvulnerability.io/vulnerability/CVE-2022-38112,Sensitive Information Disclosure Vulnerability,"In versions of SolarWinds Database Performance Analyzer (DPA) 2022.4 and earlier, there exists a vulnerability where generated heap memory dumps can expose sensitive information in cleartext format. This exposure could lead to unauthorized access to critical data, thus posing significant risks to the integrity and confidentiality of stored information. Organizations utilizing affected versions are strongly urged to upgrade to later releases and implement appropriate security measures to mitigate potential data breaches.",Solarwinds,Database Performance Analyzer (dpa),7.5,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-01-20T00:00:00.000Z,0 CVE-2018-16243,https://securityvulnerability.io/vulnerability/CVE-2018-16243,Persistent XSS Vulnerabilities in SolarWinds Database Performance Analyzer,"SolarWinds Database Performance Analyzer is susceptible to persistent Cross-Site Scripting (XSS) vulnerabilities affecting various components such as logViewer.iwc, centralManage.cen, userAdministration.iwc, database.iwc, alertManagement.iwc, eventAnnotations.iwc, and central.cen. Attackers can exploit these vulnerabilities to inject malicious scripts into affected components, potentially compromising user data and the overall integrity of the application.",Solarwinds,Database Performance Analyzer,5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2020-12-15T22:31:23.000Z,0 CVE-2018-19386,https://securityvulnerability.io/vulnerability/CVE-2018-19386,,"SolarWinds Database Performance Analyzer 11.1.457 contains an instance of Reflected XSS in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iwc/idcStateError.iwc?page= URI.",Solarwinds,Database Performance Analyzer,6.1,MEDIUM,0.002369999885559082,false,,false,false,false,,,false,false,,2019-08-14T19:30:16.000Z,0