Skip to main content

Kiwi Syslog Server

5 CVEs product

Monthly

CVE-2021-35237 MEDIUM This Month

A missing HTTP header (X-Frame-Options) in Kiwi Syslog Server has left customers vulnerable to click jacking. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Kiwi Syslog Server
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2021-35236 MEDIUM This Month

The Secure flag is not set in the SSL Cookie of Kiwi Syslog Server 9.7.2 and previous versions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Kiwi Syslog Server
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2021-35235 MEDIUM This Month

The ASP.NET debug feature is enabled by default in Kiwi Syslog Server 9.7.2 and previous versions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Kiwi Syslog Server
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2021-35233 MEDIUM This Month

The HTTP TRACK & TRACE methods were enabled in Kiwi Syslog Server 9.7.1 and earlier. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Kiwi Syslog Server
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-35231 MEDIUM This Month

As a result of an unquoted service path vulnerability present in the Kiwi Syslog Server Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Kiwi Syslog Server
NVD
CVSS 3.1
6.7
EPSS
0.3%
EPSS 1% CVSS 4.3
MEDIUM This Month

A missing HTTP header (X-Frame-Options) in Kiwi Syslog Server has left customers vulnerable to click jacking. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Kiwi Syslog Server
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

The Secure flag is not set in the SSL Cookie of Kiwi Syslog Server 9.7.2 and previous versions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Kiwi Syslog Server
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

The ASP.NET debug feature is enabled by default in Kiwi Syslog Server 9.7.2 and previous versions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Kiwi Syslog Server
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

The HTTP TRACK & TRACE methods were enabled in Kiwi Syslog Server 9.7.1 and earlier. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Kiwi Syslog Server
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

As a result of an unquoted service path vulnerability present in the Kiwi Syslog Server Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Kiwi Syslog Server
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy