CVE-2021-35229

Cross-Site Scripting Vulnerability using SQL Query

Description

Cross-site scripting vulnerability is present in Database Performance Monitor 2022.1.7779 and previous versions when using a complex SQL query

Remediation

Solution:

  • SolarWinds recommends customers upgrade to the latest version once it becomes generally available.

Category

6.8
CVSS
Severity: Medium
CVSS 3.1 •
CVSS 2.0 •
EPSS 1.03% Top 25%
Vendor Advisory solarwinds.com Vendor Advisory solarwinds.com
Affected: SolarWinds Database Performance Monitor
Published at:
Updated at:

References

Link Tags
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35229 vendor advisory
https://documentation.solarwinds.com/en/success_center/dpa/content/release_notes/dpa_2022-2_release_notes.htm release notes vendor advisory

Frequently Asked Questions

What is the severity of CVE-2021-35229?
CVE-2021-35229 has been scored as a medium severity vulnerability.
How to fix CVE-2021-35229?
To fix CVE-2021-35229: SolarWinds recommends customers upgrade to the latest version once it becomes generally available.
Is CVE-2021-35229 being actively exploited in the wild?
It is possible that CVE-2021-35229 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~1% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-35229?
CVE-2021-35229 affects SolarWinds Database Performance Monitor.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.