PT-2021-14554 · Unknown · Knowledge Management

Published: 2021-03-09 · Updated: 2021-03-17 · CVE-2021-21488

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Knowledge Management versions 7.01, 7.02, 7.30, 7.31, 7.40, 7.50

Description: The issue allows a remote attacker with basic privileges to have user-controlled data deserialized without verification (insecure deserialization). This triggers the attacker's code and impacts availability.

Recommendations: For versions 7.01, 7.02, 7.30, 7.31, 7.40, 7.50, consider restricting access to the deserialization of user-controlled data to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Deserialization of Untrusted Data

Weakness Enumeration

Related Identifiers

CVE-2021-21488

Affected Products

Knowledge Management