CVE-2021-32056
4.3
MEDIUM
CVSS 3.1
EPSS 0.20%
Description
Cyrus IMAP before 3.2.7, and 3.3.x and 3.4.x before 3.4.1, allows remote authenticated users to bypass intended access restrictions on server annotations and consequently cause replication to stall.
How to fix CVE-2021-32056
To remediate CVE-2021-32056, upgrade the affected package to one of the fixed versions listed below.
- Debian/cyrus-imapd: upgrade to 3.2.6-2 or later
Is CVE-2021-32056 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 3.2.6-2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |