QID 376249

Date Published: 2022-01-20

QID 376249: SolarWinds Kiwi Syslog Server Clickjacking Vulnerability

SolarWinds Kiwi Syslog Server is an affordable, easy-to-use syslog server for IT administrators and network teams. An unquoted service path vulnerability has been identified in Kiwi Syslog Server which allows a local attacker to escalate privileges.

Affected Versions:
Kiwi Syslog Server 9.7.2 and earlier
QID Detection Logic
This QID checks NetLauncher.exe file for vulnerable versions of Kiwi Syslog Server

A missing HTTP header (X-Frame-Options) in Kiwi Syslog Server has left customers vulnerable to click jacking.

CVSS V3 rated as Medium - 4.3 severity.

CVSS V2 rated as Medium - 4.3 severity.

Solution

Customers are advised to contact SolarWinds 9.8 to fix this vulnerbaility.

Vendor References

Kiwi Syslog Server - www.solarwinds.com/trust-center/security-advisories/cve-2021-35237

CVEs related to QID 376249

CVE-2021-35237 |

Software Advisories

Advisory ID	Software	Component	Link
CVE-2021-35237			www.solarwinds.com/trust-center/security-advisories/cve-2021-35237

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].