Vulnerabilities > Solarwinds > Kiwi Syslog Server > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-29 | CVE-2021-35237 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Solarwinds Kiwi Syslog Server A missing HTTP header (X-Frame-Options) in Kiwi Syslog Server has left customers vulnerable to click jacking. | 4.3 |
| 2021-10-27 | CVE-2021-35233 | Unspecified vulnerability in Solarwinds Kiwi Syslog Server The HTTP TRACK & TRACE methods were enabled in Kiwi Syslog Server 9.7.1 and earlier. | 5.0 |
| 2021-10-27 | CVE-2021-35235 | Unspecified vulnerability in Solarwinds Kiwi Syslog Server The ASP.NET debug feature is enabled by default in Kiwi Syslog Server 9.7.2 and previous versions. | 5.0 |
| 2021-10-27 | CVE-2021-35236 | Missing Encryption of Sensitive Data vulnerability in Solarwinds Kiwi Syslog Server The Secure flag is not set in the SSL Cookie of Kiwi Syslog Server 9.7.2 and previous versions. | 5.3 |
| 2021-10-25 | CVE-2021-35231 | Unquoted Search Path or Element vulnerability in Solarwinds Kiwi Syslog Server As a result of an unquoted service path vulnerability present in the Kiwi Syslog Server Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path of the affected service or uninstall entry. | 4.6 |