SolarWinds Database Performance Analyzer
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in SolarWinds Database Performance Analyzer.
By the Year
In 2026 there have been 0 vulnerabilities in SolarWinds Database Performance Analyzer. Last year, in 2025 Database Performance Analyzer had 1 security vulnerability published. Right now, Database Performance Analyzer is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 1 | 5.60 |
| 2024 | 0 | 0.00 |
| 2023 | 5 | 6.60 |
| 2022 | 1 | 6.10 |
| 2021 | 1 | 4.70 |
| 2020 | 1 | 5.40 |
| 2019 | 1 | 6.10 |
It may take a day or so for new Database Performance Analyzer vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent SolarWinds Database Performance Analyzer Security Vulnerabilities
SolarWinds DPA Hard-Coded Crypto Key – Local Privilege Escalation
CVE-2025-26398
5.6 - Medium
- August 12, 2025
SolarWinds Database Performance Analyzer was found to contain a hard-coded cryptographic key. If exploited, this vulnerability could lead to a machine-in-the-middle (MITM) attack against users. This vulnerability requires additional software not installed by default, local access to the server and administrator level privileges on the host.
Use of Hard-coded Credentials
DPA 2023.2 XSS via Unsanitized Input
CVE-2023-33231
6.1 - Medium
- July 18, 2023
XSS attack was possible in DPA 2023.2 due to insufficient input validation
XSS
Directory Traversal + File Enumeration in Server Path Resolution
CVE-2023-23838
6.5 - Medium
- April 25, 2023
Directory traversal and file enumeration vulnerability which allowed users to enumerate to different folders of the server.
Directory traversal
Vulnerability: Lack of Exception Handling Leaks Sensitive Information
CVE-2023-23837
7.5 - High
- April 25, 2023
No exception handling vulnerability which revealed sensitive or excessive information to users.
Improper Handling of Exceptional Conditions
Sensitive Data Exposed via Cleartext Heap Dumps in DPA 2022.4
CVE-2022-38112
7.5 - High
- January 20, 2023
In DPA 2022.4 and older releases, generated heap memory dumps contain sensitive information in cleartext.
Cleartext Storage of Sensitive Information
Auth Reflected XSS in DPA <=2022.4 via URL vectors
CVE-2022-38110
5.4 - Medium
- January 20, 2023
In Database Performance Analyzer (DPA) 2022.4 and older releases, certain URL vectors are susceptible to authenticated reflected cross-site scripting.
XSS
Cross-site scripting vulnerability is present in Database Performance Monitor 2022.1.7779 and previous versions when using a complex SQL query
CVE-2021-35229
6.1 - Medium
- April 21, 2022
Cross-site scripting vulnerability is present in Database Performance Monitor 2022.1.7779 and previous versions when using a complex SQL query
XSS
This vulnerability occurred due to missing input sanitization for one of the output fields
CVE-2021-35228
4.7 - Medium
- October 21, 2021
This vulnerability occurred due to missing input sanitization for one of the output fields that is extracted from headers on specific section of page causing a reflective cross site scripting attack. An attacker would need to perform a Man in the Middle attack in order to change header for a remote victim.
XSS
SolarWinds Database Performance Analyzer (DPA) 11.1.468 and 12.0.3074 have several persistent XSS vulnerabilities
CVE-2018-16243
5.4 - Medium
- December 15, 2020
SolarWinds Database Performance Analyzer (DPA) 11.1.468 and 12.0.3074 have several persistent XSS vulnerabilities, related to logViewer.iwc, centralManage.cen, userAdministration.iwc, database.iwc, alertManagement.iwc, eventAnnotations.iwc, and central.cen.
XSS
SolarWinds Database Performance Analyzer 11.1.457 contains an instance of Reflected XSS in its idcStateError component
CVE-2018-19386
6.1 - Medium
- August 14, 2019
SolarWinds Database Performance Analyzer 11.1.457 contains an instance of Reflected XSS in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iwc/idcStateError.iwc?page= URI.
XSS
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for SolarWinds Database Performance Analyzer or by SolarWinds? Click the Watch button to subscribe.
