CVE-2023-23838 - OpenCVE

Directory traversal and file enumeration vulnerability which allowed users to enumerate to different folders of the server.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Solarwinds	Database Performance Analyzer
Microsoft	Windows

Configuration 1 [-]

AND

cpe:2.3:a:solarwinds:database_performance_analyzer:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

References

Link	Resource
https://documentation.solarwinds.com/en/success_center/dpa/content/release_notes/dpa_2023-2_release_notes.htm	Release Notes
https://www.solarwinds.com/trust-center/security-advisories/cve-2023-23838	Broken Link Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: SolarWinds

Published: 2023-04-25T00:00:00

Updated: 2023-08-03T20:17:22.016Z

Reserved: 2023-01-18T00:00:00

Link: CVE-2023-23838

JSON object: View

NVD Information

Status : Modified

Published: 2023-04-25T18:15:09.370

Modified: 2023-08-03T21:15:13.577

Link: CVE-2023-23838

JSON object: View

Redhat Information

No data.

CWE

CWE-22

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-23838", "assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6", "assignerShortName": "SolarWinds", "dateUpdated": "2023-08-03T20:17:22.016Z", "dateReserved": "2023-01-18T00:00:00", "datePublished": "2023-04-25T00:00:00"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Windows"], "product": "Database Performance Analyzer", "vendor": "SolarWinds", "versions": [{"status": "affected", "version": "2022.3 and previous versions"}]}], "datePublic": "2023-04-24T16:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Directory traversal and file enumeration vulnerability which allowed users to enumerate to different folders of the server.</p>"}], "value": "Directory traversal and file enumeration vulnerability which allowed users to enumerate to different folders of the server.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"description": "Directory traversal and file enumeration vulnerability: Database Performance Analyzer (DPA) 2023.1", "lang": "en"}]}], "providerMetadata": {"orgId": "49f11609-934d-4621-84e6-e02e032104d6", "shortName": "SolarWinds", "dateUpdated": "2023-08-03T20:17:22.016Z"}, "references": [{"url": "https://documentation.solarwinds.com/en/success_center/dpa/content/release_notes/dpa_2023-2_release_notes.htm"}, {"url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2023-23838"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>SolarWinds recommends upgrading to the latest version of DPA as soon as it becomes available.</p>"}], "value": "SolarWinds recommends upgrading to the latest version of DPA as soon as it becomes available.\n\n"}], "source": {"discovery": "UNKNOWN"}, "title": "Directory traversal and file enumeration vulnerability: Database Performance Analyzer (DPA) 2023.1", "x_generator": {"engine": "vulnogram 0.1.0-rc1"}}}}