CVE-2019-18935

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Dec 11, 2019
Updated: Jul 25, 2024
CWE ID 502

Summary

CVE-2019-18935 is a deserialization vulnerability affecting Progress Telerik UI for ASP.NET AJAX up to version 2019.3.1023. The weakness is in the RadAsyncUpload function and can lead to remote code execution if attackers manage to provide malicious data and the encryption keys are known. Keys may become known through CVE-2017-11317 or CVE-2017-11357, or by other means. As of 2020.1.114, a default setting mitigates this risk. In version 2019.3.1023, an additional setting can provide an extra layer of protection against exploitation; earlier versions do not have this option.


Affected Products

  • Telerik UI for ASP.NET AJAX

Affected Vendors

  • Telerik