Vulnerability in SolarWinds Kiwi Syslog Server
CVE-2021-35236
The Secure flag is not set in the SSL Cookie of Kiwi Syslog Server 9.7.2 and previous versions. The Secure attribute tells the browser to only send the cookie if the request is being sent over a secure channel such as HTTPS. This will help…
EPSS: 0.005 (66.2th percentile).
CVSS v3 metric
CVSS v3 base score 3.1 (Low). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N.
Affected products
- SolarWinds Kiwi Syslog Server: versions 9.7.2 and previous versions
Weakness classification (CWE)
- Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
References
- documentation.solarwinds.com/en/success_center/kss/content/release_notes/kss_9-… (x_refsource_MISC)
- www.solarwinds.com/trust-center/security-advisories/cve-2021-35236 (x_refsource_MISC)
Frequently asked questions
- What is CVE-2021-35236?
  - CVE-2021-35236 is a low-severity vulnerability in SolarWinds Kiwi Syslog Server, classified under Sensitive Cookie in HTTPS Session Without 'Secure' Attribute. CVSS score: 3.1/10. Published 2021-10-27.
- How severe is CVE-2021-35236?
  - Low severity. CVSS v3 base score is 3.1 out of 10.