Vulnerability in Solarwinds Kiwi Syslog Server
CVE-2021-35233
The HTTP TRACK & TRACE methods were enabled in Kiwi Syslog Server 9.7.1 and earlier. These methods are intended for diagnostic purposes only. If enabled, the web server will respond to requests that use these methods by returning exact HTT…
EPSS: 0.010 (77.3th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N.
Affected products
- Solarwinds Kiwi Syslog Server — versions 9.7.2 and previous versions
Weakness classification (CWE)
References
- documentation.solarwinds.com/en/success_center/kss/content/release_notes/kss_9-… (x_refsource_MISC)
- www.solarwinds.com/trust-center/security-advisories/CVE-2021-35233 (x_refsource_MISC)
Frequently asked questions
- What is CVE-2021-35233?
- CVE-2021-35233 is a medium-severity vulnerability in Solarwinds Kiwi Syslog Server, classified under CWE-16. CVSS score: 5.3/10. Published 2021-10-27.
- How severe is CVE-2021-35233?
- Medium severity. CVSS v3 base score is 5.3 out of 10.