Vulnerabilities > Solarwinds
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-29 | CVE-2021-35237 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Solarwinds Kiwi Syslog Server A missing HTTP header (X-Frame-Options) in Kiwi Syslog Server has left customers vulnerable to click jacking. | 4.3 |
| 2021-10-27 | CVE-2021-35233 | Unspecified vulnerability in Solarwinds Kiwi Syslog Server The HTTP TRACK & TRACE methods were enabled in Kiwi Syslog Server 9.7.1 and earlier. | 5.3 |
| 2021-10-27 | CVE-2021-35235 | Unspecified vulnerability in Solarwinds Kiwi Syslog Server The ASP.NET debug feature is enabled by default in Kiwi Syslog Server 9.7.2 and previous versions. | 5.3 |
| 2021-10-27 | CVE-2021-35236 | Missing Encryption of Sensitive Data vulnerability in Solarwinds Kiwi Syslog Server The Secure flag is not set in the SSL Cookie of Kiwi Syslog Server 9.7.2 and previous versions. | 5.3 |
| 2021-10-25 | CVE-2021-35231 | Unquoted Search Path or Element vulnerability in Solarwinds Kiwi Syslog Server As a result of an unquoted service path vulnerability present in the Kiwi Syslog Server Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path of the affected service or uninstall entry. | 6.7 |
| 2021-10-22 | CVE-2021-35230 | Path Traversal vulnerability in Solarwinds Kiwi Cattools 3.6.0(Serviceedition) As a result of an unquoted service path vulnerability present in the Kiwi CatTools Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path of the affected service or uninstall entry. | 6.7 |
| 2021-10-21 | CVE-2021-35225 | Unspecified vulnerability in Solarwinds Network Performance Monitor Each authenticated Orion Platform user in a MSP (Managed Service Provider) environment can view and browse all NetPath Services from all that MSP's customers. | 6.4 |
| 2021-10-21 | CVE-2021-35227 | Deserialization of Untrusted Data vulnerability in Solarwinds Access Rights Manager The HTTP interface was enabled for RabbitMQ Plugin in ARM 2020.2.6 and the ability to configure HTTPS was not available. | 7.8 |
| 2021-10-21 | CVE-2021-35228 | Cross-site Scripting vulnerability in Solarwinds Database Performance Analyzer 2021.3.7388 This vulnerability occurred due to missing input sanitization for one of the output fields that is extracted from headers on specific section of page causing a reflective cross site scripting attack. | 4.7 |
| 2021-10-12 | CVE-2021-35214 | Insufficient Session Expiration vulnerability in Solarwinds Pingdom The vulnerability in SolarWinds Pingdom can be described as a failure to invalidate user session upon password or email address change. | 4.7 |