CVE-2022-38112
HIGHSolarWinds Database Performance Analyzer < 2022.4 - Cleartext Storage of Sensitive Information in Heap Memory Dumps
Title source: llmDescription
In DPA 2022.4 and older releases, generated heap memory dumps contain sensitive information in cleartext.
References (2)
Core 2
Core References
Release Notes, Vendor Advisory
https://documentation.solarwinds.com/en/success_center/dpa/content/release_notes/dpa_2023-1_release_notes.htm
Release Notes, Vendor Advisory
https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-38112
Scores
CVSS v3
7.5
EPSS
0.0079
EPSS Percentile
74.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-312
Status
published
Products (1)
solarwinds/database_performance_analyzer
< 2022.4
Published
Jan 20, 2023
Tracked Since
Feb 18, 2026