MEDIUM🇵🇱 Wersja polska

CVE-2021-35231

CVSS 6.7v3.1pub. 2021-10-25upd. 2024-11-21

As a result of an unquoted service path vulnerability present in the Kiwi Syslog Server Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path of the affected service or uninstall entry. Example vulnerable path: "Computer\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Kiwi Syslog Server\Parameters\Application".

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • Solarwinds Kiwi Syslog Server

    APP
    Solarwinds
    < 9.8
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2021-35237MEDIUM5.0ten sam produkt

A missing HTTP header (X-Frame-Options) in Kiwi Syslog Server has left customers vulnerable to click jacking. ...

CVE-2021-35233MEDIUM5.3ten sam produkt

The HTTP TRACK & TRACE methods were enabled in Kiwi Syslog Server 9.7.1 and earlier. These methods are intende...

CVE-2021-35235MEDIUM5.3ten sam produkt

The ASP.NET debug feature is enabled by default in Kiwi Syslog Server 9.7.2 and previous versions. ASP.NET all...

CVE-2021-35236LOW3.1ten sam produkt

The Secure flag is not set in the SSL Cookie of Kiwi Syslog Server 9.7.2 and previous versions. The Secure att...

CVE-2025-40551CRITICAL9.8⚠ KEVPL ✓ten sam vendor

RCE przez deserializację w SolarWinds Web Help Desk — bez uwierzytelnienia