CVE-2019-18935 - Progress Telerik UI for ASP.NET AJAX Deserialization of Untrusted Data Vulnerability

: Progress | Telerik UI for ASP.NET AJAX

Date Added:
2021-11-03

Due Date:
2022-05-03

Vulnerability Name: Progress Telerik UI for ASP.NET AJAX Deserialization of Untrusted Data Vulnerability

Description: Progress Telerik UI for ASP.NET AJAX contains a deserialization of untrusted data vulnerability through RadAsyncUpload which leads to code execution on the server in the context of the w3wp.exe process.

Known To Be Used in Ransomware Campaigns?: Known

Action: Apply updates per vendor instructions.

Additional Notes: https://nvd.nist.gov/vuln/detail/CVE-2019-18935

Related News Articles

XE Hacker Group Exploits VeraCore Zero-Day to Deploy Persistent Web ShellsFebruary 10, 2025

Progress warns of critical RCE bug in Telerik Report ServerJuly 25, 2024

Free online web security scanner

Don't show website scan report rating on the leaderboard