Solarwinds Kiwi Syslog Server — known CVE vulnerabilities
Every CVE whose affected-product data names Solarwinds Kiwi Syslog Server, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2021-35231 — CVSS 6.7 (medium): As a result of an unquoted service path vulnerability present in the Kiwi Syslog Server Installation Wizard, a local attacker could gain…
CVE-2021-35233 — CVSS 5.3 (medium): The HTTP TRACK & TRACE methods were enabled in Kiwi Syslog Server 9.7.1 and earlier. These methods are intended for diagnostic purposes…
CVE-2021-35235 — CVSS 5.3 (medium): The ASP.NET debug feature is enabled by default in Kiwi Syslog Server 9.7.2 and previous versions. ASP.NET allows remote debugging of web…
CVE-2021-35237 — CVSS 5.0 (medium): A missing HTTP header (X-Frame-Options) in Kiwi Syslog Server has left customers vulnerable to click jacking. Clickjacking is an attack…
CVE-2021-35236 — CVSS 3.1 (low): The Secure flag is not set in the SSL Cookie of Kiwi Syslog Server 9.7.2 and previous versions. The Secure attribute tells the browser to…