Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-35236


The Secure flag is not set in the SSL Cookie of Kiwi Syslog Server 9.7.2 and previous versions. The Secure attribute tells the browser to only send the cookie if the request is being sent over a secure channel such as HTTPS. This will help protect the cookie from being passed over unencrypted requests. If the application can be accessed over both HTTP, there is a potential for the cookie can be sent in clear text.


Published

2021-10-27T01:15:07.530

Last Modified

2024-11-21T06:12:07.410

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 3.1 (LOW)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE
Exploitability Score

10.0

Impact Score

2.9

Weaknesses
  • Type: Secondary
    CWE-614
  • Type: Primary
    CWE-311

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application solarwinds kiwi_syslog_server ≤ 9.7.2 Yes

References