CVE-2018-16243

Name of the Vulnerable Software and Affected Versions SolarWinds Database Performance Analyzer (DPA) versions 11.1.468 through 12.0.3074

Description The issue is related to the failure to protect the web page structure, allowing a remote attacker to perform a cross-site scripting attack. This can be exploited through various components, including logViewer.iwc, centralManage.cen, userAdministration.iwc, database.iwc, alertManagement.iwc, eventAnnotations.iwc, and central.cen.

Recommendations For versions 11.1.468 through 12.0.3074, consider disabling access to the affected components, such as logViewer.iwc, centralManage.cen, userAdministration.iwc, database.iwc, alertManagement.iwc, eventAnnotations.iwc, and central.cen, until a patch is available. Restrict the use of these components to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.