CVE-2019-18935
CVSS 3.1 Score 9.8 of 10 (high)
Details
Summary
CVE-2019-18935 is a deserialization vulnerability affecting Progress Telerik UI for ASP.NET AJAX up to version 2019.3.1023. The weakness is in the RadAsyncUpload function and can lead to remote code execution if an attacker supplies malicious data and knows the encryption keys. Keys may become known through CVE-2017-11317 or CVE-2017-11357, or by other means. As of 2020.1.114, a default setting mitigates this risk. In version 2019.3.1023, an additional setting can provide an extra layer of protection against exploitation; earlier versions do not have this option.
Affected Products
- Telerik UI for ASP.NET AJAX
Affected Vendors
- Telerik