SolarWinds · SolarWinds Database Performance Analyzer · CVE-2018-16243
**Name of the Vulnerable Software and Affected Versions**
SolarWinds Database Performance Analyzer (DPA) versions 11.1.468 through 12.0.3074
**Description**
The application fails to preserve web page structure: input is not properly neutralized when pages are generated, which allows a remote attacker to perform a cross-site scripting (XSS) attack. The issue can be exploited through various components, including `logViewer.iwc`, `centralManage.cen`, `userAdministration.iwc`, `database.iwc`, `alertManagement.iwc`, `eventAnnotations.iwc`, and `central.cen`.
**Recommendations**
For versions 11.1.468 through 12.0.3074, consider disabling access to the affected components, such as `logViewer.iwc`, `centralManage.cen`, `userAdministration.iwc`, `database.iwc`, `alertManagement.iwc`, `eventAnnotations.iwc`, and `central.cen`, until a patch is available. Restrict the use of these components to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
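
One way to check that the access restriction recommended above is actually in effect is to audit the web access log for requests to the listed components that were served to clients outside the permitted network. This is an added example, not SolarWinds code or part of the original advisory; the management subnet, the common log format, the `/app/` path prefix and the use of 403/404 as the "blocked" response are assumptions, and the log lines are constructed.

```python
import ipaddress
import re
from urllib.parse import unquote

# Component names as listed in the advisory (lower-cased for matching).
AFFECTED = {
    "logviewer.iwc", "centralmanage.cen", "useradministration.iwc",
    "database.iwc", "alertmanagement.iwc", "eventannotations.iwc",
    "central.cen",
}
# Assumption: only this management subnet may reach the components.
ALLOWED_NETS = [ipaddress.ip_network("10.20.0.0/24")]
# Assumption: the blocking proxy or filter answers with one of these.
BLOCKED_STATUS = {"403", "404"}
# Common/combined log format: ip - user [time] "METHOD target PROTO" status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "\S+ (\S+)[^"]*" (\d{3}) ')

def component_of(target):
    """Return the affected component a request target names, else None."""
    path = unquote(target.split("?", 1)[0])
    # Last path segment, minus ;name=value path parameters, case-folded.
    name = path.rsplit("/", 1)[-1].split(";", 1)[0].lower()
    return name if name in AFFECTED else None

def violations(lines):
    """List (client, component, status) served to non-allowlisted clients."""
    found = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        comp = component_of(target)
        try:
            addr = ipaddress.ip_address(client)
        except ValueError:
            continue  # client field is a hostname or garbage; skip it
        outside = not any(addr in net for net in ALLOWED_NETS)
        if comp and outside and status not in BLOCKED_STATUS:
            found.append((client, comp, status))
    return found

# Constructed sample lines; the /app/ prefix is a placeholder path.
SAMPLE = [
    '10.20.0.15 - admin [01/Jan/2019:10:00:00 +0000] "GET /app/logViewer.iwc HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2019:10:01:00 +0000] "GET /app/logViewer.iwc;jsessionid=AB12?page=1 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2019:10:02:00 +0000] "POST /app/central.cen HTTP/1.1" 403 150',
    '198.51.100.4 - - [01/Jan/2019:10:03:00 +0000] "GET /app/userAdministration%2Eiwc HTTP/1.1" 200 900',
]
```

An empty result from `violations()` over a representative log window indicates the restriction holds; any entry is a request that reached an affected component from outside the allowlist.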