CVE-2019-18935 - Progress Telerik UI for ASP.NET AJAX Deserialization of Untrusted Data Vulnerability
Project: Progress
Product: Telerik UI for ASP.NET AJAX
Date Added: 2021-11-03
Due Date: 2022-05-03
Vulnerability Name
Progress Telerik UI for ASP.NET AJAX Deserialization of Untrusted Data Vulnerability
Description
Progress Telerik UI for ASP.NET AJAX contains a deserialization of untrusted data vulnerability through RadAsyncUpload which leads to code execution on the server in the context of the w3wp.exe process.
Known To Be Used in Ransomware Campaigns?
Known
Action
Apply updates per vendor instructions.
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2019-18935
Related News Articles
XE Hacker Group Exploits VeraCore Zero-Day to Deploy Persistent Web Shells - February 10, 2025
Progress warns of critical RCE bug in Telerik Report Server - July 25, 2024