CVE-2021-21488
Severity
6.5MEDIUM
EPSS
0.7%
top 29.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
PublishedMar 9
Latest updateMay 24
Description
Knowledge Management versions 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 allows a remote attacker with basic privileges to deserialize user-controlled data without verification, leading to insecure deserialization which triggers the attacker’s code, therefore impacting Availability.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6