CVE-2022-38112 HIGH

CVE-2022-38112: Sensitive Information Disclosure Vulnerability

Vendor Solarwinds
Product Database Performance Analyzer (DPA)
Weakness CWE-312 · Cleartext storage
Published January 20, 2023
Last update April 3, 2025

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

In DPA 2022.4 and older releases, generated heap memory dumps contain sensitive information in cleartext.

Key dates

02Disclosure timeline

January 20, 2023 CVE published
April 3, 2025 Record updated