CVE-2021-35237

🗓️ 29 Oct 2021 13:32:18Reported by SolarWindsType

A missing HTTP header (X-Frame-Options) in Kiwi Syslog Server has left customers vulnerable to click jacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item, such as a button or link, to another server in which they have an identical webpage. The attacker essentially hijacks the user activity intended for the original server and sends them to the other server

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2021-35237	29 Oct 202118:18	–	circl
CNNVD	Solarwinds Kiwi Syslog Server 安全漏洞	29 Oct 202100:00	–	cnnvd
Cvelist	CVE-2021-35237 Clickjacking Vulnerability	29 Oct 202113:32	–	cvelist
EUVD	EUVD-2021-21880	7 Oct 202500:30	–	euvd
NCSC	Vulnerabilities fixed in SolarWinds products	21 Oct 202100:00	–	ncsc
NVD	CVE-2021-35237	29 Oct 202114:15	–	nvd
OSV	CVE-2021-35237	29 Oct 202114:15	–	osv
Prion	Design/Logic Flaw	29 Oct 202114:15	–	prion
Positive Technologies	PT-2021-20859 · Unknown · Kiwi Syslog Server	29 Oct 202100:00	–	ptsecurity

NVD

Node

solarwinds kiwi_syslog_serverRange≤9.7.2

[
  {
    "defaultStatus": "unaffected",
    "product": "Kiwi Syslog Server",
    "vendor": "SolarWinds",
    "versions": [
      {
        "lessThan": "9.7.2",
        "status": "affected",
        "version": "9.7.2 and previous versions",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
solarwinds	www.solarwinds.com/trust-center/security-advisories/cve-2021-35237
documentation	www.documentation.solarwinds.com/en/success_center/kss/content/release_notes/kss_9-8_release_notes.htm

17 Jun 2026 03:57Current

4.6Medium risk

Vulners AI Score4.6

CVSS 3.14.3 - 5

CVSS 24.3

EPSS0.00929

CWE-1021