CVE-2019-18935

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Dec 11, 2019
Updated: Jul 25, 2024
CWE ID 502

Summary

CVE-2019-18935 is a deserialization vulnerability affecting Progress Telerik UI for ASP.NET AJAX up to version 2019.3.1023. The weakness is in the RadAsyncUpload function and can lead to remote code execution if an attacker can supply malicious data and the encryption keys are known. Keys may become known through CVE-2017-11317 or CVE-2017-11357, or by other means. As of 2020.1.114, a default setting mitigates this risk. In version 2019.3.1023, an additional setting can provide an extra layer of protection against exploitation; earlier versions do not have this option.


Affected Products

  • Telerik UI for ASP.NET AJAX

Affected Vendors

  • Telerik
