Sensitive Information Disclosure Vulnerability
CVE-2022-38112
7.5HIGH
Key Information
- Vendor
- Solarwinds
- Status
- Database Performance Analyzer (dpa)
- Vendor
- CVE Published:
- 20 January 2023
Summary
In DPA 2022.4 and older releases, generated heap memory dumps contain sensitive information in cleartext.
Affected Version(s)
Database Performance Analyzer (DPA) <= 2022.4
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Risk change from: 6.3 to: 7.5 - (HIGH)
Risk change from: 7.5 to: 6.3 - (MEDIUM)
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database