CVE-2017-11357
Telerik UI for ASP.NET AJAX Insecure Direct Object Reference Vulnerability
CVSS
—
Sin CVSS
EPSS
75.7%
p99
KEV
SÍ
26 ene 2023
Exploit Today
80
0-100
Publicado: — · Última mod.: —
Producto
Telerik / User Interface (UI) for ASP.NET AJAX
Vulnerabilidad
Telerik UI for ASP.NET AJAX Insecure Direct Object Reference Vulnerability
Añadido a KEV
26 ene 2023
Remediar antes de
16 feb 2023
Uso conocido en ransomware
Sí
Descripción resumida
Telerik UI for ASP.NET AJAX contains an insecure direct object reference vulnerability in RadAsyncUpload that can result in file uploads in a limited location and/or remote code execution.
Acción requerida
Apply updates per vendor instructions.
Notas
https://docs.telerik.com/devtools/aspnet-ajax/knowledge-base/asyncupload-insecure-direct-object-reference; https://nvd.nist.gov/vuln/detail/CVE-2017-11357