CVE-2021-35235

EPSS 2.39%
Veröffentlicht 27.10.2021 01:15:07
Zuletzt bearbeitet 21.11.2024 06:12:07
Quelle psirt@solarwinds.com
CVE-Watchlists
Login
Unerledigt
Login

The ASP.NET debug feature is enabled by default in Kiwi Syslog Server 9.7.2 and previous versions. ASP.NET allows remote debugging of web applications, if configured to do so. Debug mode causes ASP.NET to compile applications with extra information. The information enables a debugger to closely monitor and control the execution of an application. If an attacker could successfully start a remote debugging session, this is likely to disclose sensitive information about the web application and supporting infrastructure that may be valuable in targeting SWI with malicious intent.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Solarwinds ≫ Kiwi Syslog Server Version <= 9.7.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.39%	0.836

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
psirt@solarwinds.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-11 ASP.NET Misconfiguration: Creating Debug Binary

Debugging messages help attackers learn about the system and plan a form of attack.

https://documentation.solarwinds.com/en/success_center/kss/content/release_notes/kss_9-8_release_notes.htm

Vendor Advisory

Release Notes

https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35235

Vendor Advisory

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2021-35235

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-35235

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-35235

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2021-35235