Solarwinds Kiwi Syslog Server
5 CVEs affecting Solarwinds Kiwi Syslog Server. Latest disclosed: 2021-10-29. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2021-35231 | Medium | 6.7 | 2021-10-25 | As a result of an unquoted service path vulnerability present in the Kiwi Syslog Server Installation Wizard, a local attacker could gain escalated privileges b… |
CVE-2021-35235 | Medium | 5.3 | 2021-10-27 | The ASP.NET debug feature is enabled by default in Kiwi Syslog Server 9.7.2 and previous versions. ASP.NET allows remote debugging of web applications, if conf… |
CVE-2021-35233 | Medium | 5.3 | 2021-10-27 | The HTTP TRACK & TRACE methods were enabled in Kiwi Syslog Server 9.7.1 and earlier. These methods are intended for diagnostic purposes only. If enabled, the w… |
CVE-2021-35237 | Medium | 5.0 | 2021-10-29 | A missing HTTP header (X-Frame-Options) in Kiwi Syslog Server has left customers vulnerable to click jacking. Clickjacking is an attack that occurs when an att… |
CVE-2021-35236 | Low | 3.1 | 2021-10-27 | The Secure flag is not set in the SSL Cookie of Kiwi Syslog Server 9.7.2 and previous versions. The Secure attribute tells the browser to only send the cookie… |