Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2021-35237
PUBLISHED
More InfoOfficial Page
Assigner-SolarWinds
Assigner Org ID-49f11609-934d-4621-84e6-e02e032104d6
View Known Exploited Vulnerability (KEV) details
Published At-29 Oct, 2021 | 13:32
Updated At-16 Sep, 2024 | 22:50
Rejected At-
▼CVE Numbering Authority (CNA)
Clickjacking Vulnerability

A missing HTTP header (X-Frame-Options) in Kiwi Syslog Server has left customers vulnerable to click jacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item, such as a button or link, to another server in which they have an identical webpage. The attacker essentially hijacks the user activity intended for the original server and sends them to the other server. This is an attack on both the user and the server.

Affected Products
Vendor
SolarWinds Worldwide, LLC.SolarWinds
Product
Kiwi Syslog Server
Default Status
unaffected
Versions
Affected
  • From 9.7.2 and previous versions before 9.7.2 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-1021CWE-1021 Protection Mechanism Failure
Metrics
VersionBase scoreBase severityVector
3.15.0MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

SolarWinds has fixed the vulnerability by configuring the X-Frame-Options header. It is recommended that Kiwi Syslog Server customers to upgrade to the latest version (9.8) once it becomes generally available which now uses Microsoft IIS as the web server.

Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://documentation.solarwinds.com/en/success_center/kss/content/release_notes/kss_9-8_release_notes.htm
x_refsource_MISC
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35237
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://documentation.solarwinds.com/en/success_center/kss/content/release_notes/kss_9-8_release_notes.htm
x_refsource_MISC
x_transferred
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35237
x_refsource_MISC
x_transferred
Details not found