CVE-2017-11357
Telerik UI for ASP.NET AJAX Insecure Direct Object Reference Vulnerability
CVSS
—
No CVSS
EPSS
75.7%
p99
KEV
YES
Jan 26, 2023
Exploit Today
80
0-100
Published: — · Last modified: —
Product
Telerik / User Interface (UI) for ASP.NET AJAX
Vulnerability
Telerik UI for ASP.NET AJAX Insecure Direct Object Reference Vulnerability
Added to KEV
Jan 26, 2023
Remediate by
Feb 16, 2023
Known ransomware use
Yes
Summary description
Telerik UI for ASP.NET AJAX contains an insecure direct object reference vulnerability in RadAsyncUpload that can result in file uploads in a limited location and/or remote code execution.
Required action
Apply updates per vendor instructions.
Notes
https://docs.telerik.com/devtools/aspnet-ajax/knowledge-base/asyncupload-insecure-direct-object-reference; https://nvd.nist.gov/vuln/detail/CVE-2017-11357