Vulnerabilities > Solarwinds > Kiwi Syslog Server

DATE CVE VULNERABILITY TITLE RISK
2021-10-29 CVE-2021-35237 Improper Restriction of Rendered UI Layers or Frames vulnerability in Solarwinds Kiwi Syslog Server
A missing HTTP header (X-Frame-Options) in Kiwi Syslog Server has left customers vulnerable to click jacking.
network
low complexity
solarwinds CWE-1021
4.3
2021-10-27 CVE-2021-35233 Unspecified vulnerability in Solarwinds Kiwi Syslog Server
The HTTP TRACK & TRACE methods were enabled in Kiwi Syslog Server 9.7.1 and earlier.
network
low complexity
solarwinds
5.0
2021-10-27 CVE-2021-35235 Unspecified vulnerability in Solarwinds Kiwi Syslog Server
The ASP.NET debug feature is enabled by default in Kiwi Syslog Server 9.7.2 and previous versions.
network
low complexity
solarwinds
5.0
2021-10-27 CVE-2021-35236 Missing Encryption of Sensitive Data vulnerability in Solarwinds Kiwi Syslog Server
The Secure flag is not set in the SSL Cookie of Kiwi Syslog Server 9.7.2 and previous versions.
network
low complexity
solarwinds CWE-311
5.3
2021-10-25 CVE-2021-35231 Unquoted Search Path or Element vulnerability in Solarwinds Kiwi Syslog Server
As a result of an unquoted service path vulnerability present in the Kiwi Syslog Server Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path of the affected service or uninstall entry.
local
low complexity
solarwinds CWE-428
4.6