PT-2021-3529 · Huawei · Huawei Anyoffice

Published: 2021-06-19 · Updated: 2021-07-02 · CVE-2021-22439

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Huawei AnyOffice version V200R006C10

Description

The issue is a deserialization vulnerability that an attacker can exploit by constructing a specific request. Successful exploitation enables the attacker to perform remote malicious code injection and control the device. The flaw stems from restoring (deserializing) untrusted data in memory, which can allow a remote attacker to execute arbitrary code or gain full control of the application using a specially crafted request.

Recommendations

For Huawei AnyOffice version V200R006C10, to prevent remote malicious code injection, consider temporarily disabling the deserialization function until a patch is available. Restrict access to the application to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Deserialization of Untrusted Data

Related Identifiers

BDU:2021-03579
CVE-2021-22439

Affected Products

Huawei Anyoffice