SB2021052127 - Deserialization of Untrusted Data in emissary




Published: May 21, 2021 Updated: April 7, 2026

Security Bulletin ID SB2021052127
CSH Severity Low
Patch available YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 1 vulnerability.


1) Deserialization of Untrusted Data (CVE-ID: CVE-2021-32634)

CWE-ID: CWE-502 - Deserialization of Untrusted Data

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote user to execute arbitrary code.

The vulnerability exists due to deserialization of untrusted data in the WorkSpaceClientEnqueue.action REST endpoint when processing post-authenticated requests. A remote privileged user can send a specially crafted serialized request to execute arbitrary code.

Since version 6.3.0, the endpoint is protected against CSRF attacks, which reduces the impact of the vulnerability.


Remediation

Install the update from the vendor's website.