Summaryinfo

A vulnerability marked as critical has been reported in SolarWinds Kiwi Syslog Server. This impacts an unknown function of the component HTTP Header Handler. The manipulation leads to protection mechanism. This vulnerability is uniquely identified as CVE-2021-35237. The attack is possible to be carried out remotely. No exploit exists. It is suggested to upgrade the affected component. If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Detailsinfo

A vulnerability was found in SolarWinds Kiwi Syslog Server. It has been rated as critical. This issue affects an unknown code of the component HTTP Header Handler. The manipulation with an unknown input leads to a protection mechanism vulnerability. Using CWE to declare the problem leads to CWE-693. The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. Impacted is confidentiality, integrity, and availability.

The weakness was disclosed 10/29/2021. The advisory is shared at solarwinds.com. The identification of this vulnerability is CVE-2021-35237 since 06/22/2021. It demands that the victim is doing some kind of user interaction. Neither technical details nor an exploit are publicly available.

Upgrading to version 9.8 eliminates this vulnerability. The upgrade is hosted for download at documentation.solarwinds.com.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Productinfo

Vendor

• SolarWinds

Name

• Kiwi Syslog Server

License

• commercial

Website

• Vendor: https://www.solarwinds.com/

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion