{ "document": { "aggregate_severity": { "text": "Medium" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/rhel7els/vex/2021/cve-2021-32056-els_os-rhel7els.json" } ], "tracking": { "current_release_date": "2026-06-13T02:53:53Z", "generator": { "date": "2026-06-13T02:53:53Z", "engine": { "name": "pyCSAF" } }, "id": "CVE-2021-32056-ELS_OS-RHEL7ELS", "initial_release_date": "2021-05-10T14:15:00Z", "revision_history": [ { "date": "2021-05-10T14:15:00Z", "number": "1", "summary": "Initial version" }, { "date": "2026-06-13T02:53:53Z", "number": "2", "summary": "Official Publication" } ], "status": "final", "version": "2" }, "title": "Security update on CVE-2021-32056" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux 7", "product": { "name": "Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7", "product_identification_helper": { "cpe": "cpe:2.3:o:redhat:enterprise_linux:7:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "cyrus-imapd-0:2.4.17-15.el7.x86_64", "product": { "name": "cyrus-imapd-0:2.4.17-15.el7.x86_64", "product_id": "cyrus-imapd-0:2.4.17-15.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cyrus-imapd@2.4.17-15.el7?arch=x86_64" } } }, { "category": "product_version", "name": "cyrus-imapd-utils-0:2.4.17-15.el7.x86_64", "product": { "name": "cyrus-imapd-utils-0:2.4.17-15.el7.x86_64", "product_id": "cyrus-imapd-utils-0:2.4.17-15.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cyrus-imapd-utils@2.4.17-15.el7?arch=x86_64" } } }, { "category": "product_version", "name": "cyrus-imapd-devel-0:2.4.17-15.el7.x86_64", "product": { "name": "cyrus-imapd-devel-0:2.4.17-15.el7.x86_64", "product_id": "cyrus-imapd-devel-0:2.4.17-15.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cyrus-imapd-devel@2.4.17-15.el7?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "cyrus-imapd-devel-0:2.4.17-15.el7.i686", "product": { "name": "cyrus-imapd-devel-0:2.4.17-15.el7.i686", "product_id": "cyrus-imapd-devel-0:2.4.17-15.el7.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/cyrus-imapd-devel@2.4.17-15.el7?arch=i686" } } } ], "category": "architecture", "name": "i686" } ], "category": "vendor", "name": "Red Hat, Inc." }, { "branches": [ { "branches": [ { "category": "product_version", "name": "cyrus-imapd-0:2.4.17-15.el7.tuxcare.els1.x86_64", "product": { "name": "cyrus-imapd-0:2.4.17-15.el7.tuxcare.els1.x86_64", "product_id": "cyrus-imapd-0:2.4.17-15.el7.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/cyrus-imapd@2.4.17-15.el7.tuxcare.els1?arch=x86_64" } } }, { "category": "product_version", "name": "cyrus-imapd-utils-0:2.4.17-15.el7.tuxcare.els1.x86_64", "product": { "name": "cyrus-imapd-utils-0:2.4.17-15.el7.tuxcare.els1.x86_64", "product_id": "cyrus-imapd-utils-0:2.4.17-15.el7.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/cyrus-imapd-utils@2.4.17-15.el7.tuxcare.els1?arch=x86_64" } } }, { "category": "product_version", "name": "cyrus-imapd-devel-0:2.4.17-15.el7.tuxcare.els1.x86_64", "product": { "name": "cyrus-imapd-devel-0:2.4.17-15.el7.tuxcare.els1.x86_64", "product_id": "cyrus-imapd-devel-0:2.4.17-15.el7.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/cyrus-imapd-devel@2.4.17-15.el7.tuxcare.els1?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "cyrus-imapd-devel-0:2.4.17-15.el7.tuxcare.els1.i686", "product": { "name": "cyrus-imapd-devel-0:2.4.17-15.el7.tuxcare.els1.i686", "product_id": "cyrus-imapd-devel-0:2.4.17-15.el7.tuxcare.els1.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/cyrus-imapd-devel@2.4.17-15.el7.tuxcare.els1?arch=i686" } } } ], "category": "architecture", "name": "i686" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "cyrus-imapd-0:2.4.17-15.el7.tuxcare.els1.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:cyrus-imapd-0:2.4.17-15.el7.tuxcare.els1.x86_64" }, "product_reference": "cyrus-imapd-0:2.4.17-15.el7.tuxcare.els1.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "cyrus-imapd-0:2.4.17-15.el7.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:cyrus-imapd-0:2.4.17-15.el7.x86_64" }, "product_reference": "cyrus-imapd-0:2.4.17-15.el7.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "cyrus-imapd-utils-0:2.4.17-15.el7.tuxcare.els1.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:cyrus-imapd-utils-0:2.4.17-15.el7.tuxcare.els1.x86_64" }, "product_reference": "cyrus-imapd-utils-0:2.4.17-15.el7.tuxcare.els1.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "cyrus-imapd-utils-0:2.4.17-15.el7.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:cyrus-imapd-utils-0:2.4.17-15.el7.x86_64" }, "product_reference": "cyrus-imapd-utils-0:2.4.17-15.el7.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "cyrus-imapd-devel-0:2.4.17-15.el7.tuxcare.els1.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:cyrus-imapd-devel-0:2.4.17-15.el7.tuxcare.els1.x86_64" }, "product_reference": "cyrus-imapd-devel-0:2.4.17-15.el7.tuxcare.els1.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "cyrus-imapd-devel-0:2.4.17-15.el7.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:cyrus-imapd-devel-0:2.4.17-15.el7.x86_64" }, "product_reference": "cyrus-imapd-devel-0:2.4.17-15.el7.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "cyrus-imapd-devel-0:2.4.17-15.el7.tuxcare.els1.i686 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:cyrus-imapd-devel-0:2.4.17-15.el7.tuxcare.els1.i686" }, "product_reference": "cyrus-imapd-devel-0:2.4.17-15.el7.tuxcare.els1.i686", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "cyrus-imapd-devel-0:2.4.17-15.el7.i686 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:cyrus-imapd-devel-0:2.4.17-15.el7.i686" }, "product_reference": "cyrus-imapd-devel-0:2.4.17-15.el7.i686", "relates_to_product_reference": "Red-Hat-7" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-32056", "cwe": { "id": "CWE-732", "name": "Incorrect Permission Assignment for Critical Resource" }, "notes": [ { "category": "description", "text": "Cyrus IMAP before 3.2.7, and 3.3.x and 3.4.x before 3.4.1, allows remote authenticated users to bypass intended access restrictions on server annotations and consequently cause replication to stall.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "known_affected": [ "Red-Hat-7:cyrus-imapd-0:2.4.17-15.el7.tuxcare.els1.x86_64", "Red-Hat-7:cyrus-imapd-0:2.4.17-15.el7.x86_64", "Red-Hat-7:cyrus-imapd-devel-0:2.4.17-15.el7.i686", "Red-Hat-7:cyrus-imapd-devel-0:2.4.17-15.el7.tuxcare.els1.i686", "Red-Hat-7:cyrus-imapd-devel-0:2.4.17-15.el7.tuxcare.els1.x86_64", "Red-Hat-7:cyrus-imapd-devel-0:2.4.17-15.el7.x86_64", "Red-Hat-7:cyrus-imapd-utils-0:2.4.17-15.el7.tuxcare.els1.x86_64", "Red-Hat-7:cyrus-imapd-utils-0:2.4.17-15.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2021-32056" }, { "category": "external", "summary": "https://cyrus.topicbox.com/groups/announce/T056901c106ecfce3/cyrus-imap-3-4-1-released", "url": "https://cyrus.topicbox.com/groups/announce/T056901c106ecfce3/cyrus-imap-3-4-1-released" }, { "category": "external", "summary": "https://cyrus.topicbox.com/groups/announce/T126392718bc29d6b/cyrus-imap-3-2-7-released", "url": "https://cyrus.topicbox.com/groups/announce/T126392718bc29d6b/cyrus-imap-3-2-7-released" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6HEO3RURJW6NLIXS7NK5PVU6MGHC4SCM/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6HEO3RURJW6NLIXS7NK5PVU6MGHC4SCM/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WJZB45QBUN7CZFGOWCZYUYACNBTX7LVS/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WJZB45QBUN7CZFGOWCZYUYACNBTX7LVS/" }, { "category": "external", "summary": "https://www.cyrusimap.org/imap/download/release-notes/3.2/x/3.2.7.html", "url": "https://www.cyrusimap.org/imap/download/release-notes/3.2/x/3.2.7.html" }, { "category": "external", "summary": "https://www.cyrusimap.org/imap/download/release-notes/3.4/x/3.4.1.html", "url": "https://www.cyrusimap.org/imap/download/release-notes/3.4/x/3.4.1.html" } ], "release_date": "2021-05-10T14:15:00Z", "remediations": [ { "category": "no_fix_planned", "date": "2026-06-12T13:07:12.668872Z", "details": "This issue is only reachable by remote authenticated IMAP users with valid accounts and targets server-annotation metadata, not mailbox contents or code paths. Its primary effect is limited to availability (replication may stall) with no confidentiality or integrity impact and no route to code execution. Because Cyrus replication must be explicitly enabled and configured, the practical blast radius in centrally managed server/VM deployments is small, making this a reasonable candidate to deprioritize.", "product_ids": [ "Red-Hat-7:cyrus-imapd-0:2.4.17-15.el7.tuxcare.els1.x86_64", "Red-Hat-7:cyrus-imapd-0:2.4.17-15.el7.x86_64", "Red-Hat-7:cyrus-imapd-devel-0:2.4.17-15.el7.i686", "Red-Hat-7:cyrus-imapd-devel-0:2.4.17-15.el7.tuxcare.els1.i686", "Red-Hat-7:cyrus-imapd-devel-0:2.4.17-15.el7.tuxcare.els1.x86_64", "Red-Hat-7:cyrus-imapd-devel-0:2.4.17-15.el7.x86_64", "Red-Hat-7:cyrus-imapd-utils-0:2.4.17-15.el7.tuxcare.els1.x86_64", "Red-Hat-7:cyrus-imapd-utils-0:2.4.17-15.el7.x86_64" ] } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "Red-Hat-7:cyrus-imapd-0:2.4.17-15.el7.tuxcare.els1.x86_64", "Red-Hat-7:cyrus-imapd-0:2.4.17-15.el7.x86_64", "Red-Hat-7:cyrus-imapd-devel-0:2.4.17-15.el7.i686", "Red-Hat-7:cyrus-imapd-devel-0:2.4.17-15.el7.tuxcare.els1.i686", "Red-Hat-7:cyrus-imapd-devel-0:2.4.17-15.el7.tuxcare.els1.x86_64", "Red-Hat-7:cyrus-imapd-devel-0:2.4.17-15.el7.x86_64", "Red-Hat-7:cyrus-imapd-utils-0:2.4.17-15.el7.tuxcare.els1.x86_64", "Red-Hat-7:cyrus-imapd-utils-0:2.4.17-15.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] } ] }