PT-2021-20859 · Unknown · Kiwi Syslog Server

Published: 2021-10-29 · Updated: 2024-09-16 · CVE-2021-35237

CVSS v3.1: 5.0 (Medium)
Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions: Kiwi Syslog Server (affected versions not specified)
Description: A missing HTTP header (X-Frame-Options) has left customers vulnerable to clickjacking. Clickjacking is an attack where an attacker uses a transparent iframe to trick a user into clicking on an actionable item, such as a button or link, to another server with an identical webpage. The attacker hijacks the user activity intended for the original server and sends them to the other server, attacking both the user and the server.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Clickjacking

Related Identifiers: CVE-2021-35237

Affected Products: Kiwi Syslog Server