cvedb.io
CVE-2021-35236
LOW · CVSS 3.1
EPSS exploitation probability: 0%
Published 2021-10-27T01:15:07.530 · Last modified 2026-06-17T03:57:21.457

Summary

The Secure flag is not set in the SSL Cookie of Kiwi Syslog Server 9.7.2 and previous versions. The Secure attribute tells the browser to only send the cookie if the request is being sent over a secure channel such as HTTPS. This will help protect the cookie from being passed over unencrypted requests. If the application can be accessed over both HTTP, there is a potential for the cookie can be sent in clear text.

Affected products

solarwinds — kiwi_syslog_server

Does this affect you?

Add your gear to cvedb and we'll alert you only when solarwinds ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.