CVE-2019-18935 Report - Details, Severity, & Advisories

Twingate Team

Jun 28, 2024

What is CVE-2019-18935?

CVE-2019-18935 is a critical vulnerability in Telerik UI for ASP.NET AJAX. With a CVSS severity score of 9.8, it results from insecure deserialization of JSON objects handled by the RadAsyncUpload control, potentially leading to remote code execution. Systems using Telerik UI for ASP.NET AJAX versions from 2011.1.315 to 2019.3.1023 are affected.

Who is impacted by CVE-2019-18935?

Users of Telerik UI for ASP.NET AJAX versions from 2011.1.315 to 2019.3.1023 are impacted by CVE-2019-18935. Organizations using these versions need to be aware of the vulnerability and take necessary precautions to protect their systems.

What to do if CVE-2019-18935 affects you

If your organization is affected by the CVE-2019-18935 vulnerability, it's crucial to take immediate action to protect your systems. Here's a simplified list of steps to follow:

  1. Update Telerik UI for ASP.NET AJAX to a version not affected by the vulnerability.

  2. Apply security patches provided by the vendor.

  3. Implement proper access controls and input validation to prevent unauthorized file uploads.

  4. Regularly update and patch Telerik UI for ASP.NET AJAX to protect against known vulnerabilities.
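Step 1 depends on knowing which of your deployments fall inside the affected range stated above (2011.1.315 through 2019.3.1023). The following checker is an added example, not code from the original report or from Progress/Telerik: it parses Telerik's YEAR.QUARTER.BUILD version strings, compares them against that range, and sorts an inventory into affected, clear and unknown. The hostnames and version values in the sample inventory are constructed, and tolerating an optional fourth assembly-revision component is an assumption about how versions may appear in file properties, not something the report states.

```python
"""
Added example (not part of the original report): decide whether a Telerik UI
for ASP.NET AJAX build number lies inside the range the report gives as
affected by CVE-2019-18935 (2011.1.315 through 2019.3.1023, inclusive).
Assumption: version strings follow Telerik's YEAR.QUARTER.BUILD pattern; an
optional fourth component (assembly revision) is tolerated and ignored.
"""
import re
from typing import Dict, Iterable, List, Optional, Tuple

# Inclusive range taken from the report.
FIRST_AFFECTED = (2011, 1, 315)
LAST_AFFECTED = (2019, 3, 1023)

_VERSION_RE = re.compile(r"^\s*(\d{4})\.(\d+)\.(\d+)(?:\.\d+)?\s*$")


def parse_telerik_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Parse 'YYYY.Q.BUILD' (optionally 'YYYY.Q.BUILD.REV') into an int tuple.
    Returns None when the string does not look like a Telerik build number."""
    match = _VERSION_RE.match(text)
    if not match:
        return None
    return (int(match.group(1)), int(match.group(2)), int(match.group(3)))


def is_affected(version: str) -> Optional[bool]:
    """True if the version is inside the affected range, False if outside,
    None if it could not be parsed (treat None as 'needs manual review')."""
    parsed = parse_telerik_version(version)
    if parsed is None:
        return None
    # Tuple comparison orders by year, then quarter, then build number.
    return FIRST_AFFECTED <= parsed <= LAST_AFFECTED


def triage(inventory: Iterable[Tuple[str, str]]) -> Dict[str, List[Tuple[str, str]]]:
    """Group (host, version) pairs into 'affected', 'clear' and 'unknown'."""
    result: Dict[str, List[Tuple[str, str]]] = {"affected": [], "clear": [], "unknown": []}
    for host, version in inventory:
        verdict = is_affected(version)
        if verdict is None:
            bucket = "unknown"
        elif verdict:
            bucket = "affected"
        else:
            bucket = "clear"
        result[bucket].append((host, version))
    return result


if __name__ == "__main__":
    # Constructed sample inventory: hostnames and versions are made up.
    sample = [
        ("web01.example.internal", "2019.3.1023"),     # last affected build
        ("web02.example.internal", "2020.1.114"),      # first release after the range
        ("web03.example.internal", "2011.1.315"),      # first affected build
        ("web04.example.internal", "2010.3.1317"),     # before the range
        ("web05.example.internal", "2018.1.117.45"),   # four-part assembly version
        ("web06.example.internal", "not recorded"),    # unparseable, review by hand
    ]
    for bucket, hosts in triage(sample).items():
        print(bucket, hosts)
```

In practice the version strings come from the file version of Telerik.Web.UI.dll in each web application's bin folder; anything that lands in the "unknown" bucket should be inspected by hand rather than assumed clear.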

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

Yes, the CVE-2019-18935 vulnerability is in CISA's Known Exploited Vulnerabilities Catalog. It is named "Progress Telerik UI for ASP.NET AJAX Deserialization of Untrusted Data Vulnerability" and was added on November 3, 2021. Organizations have until May 3, 2022, to apply updates per vendor instructions to address this vulnerability.

Weakness Enumeration

This vulnerability is classified under CWE-502 (Deserialization of Untrusted Data), a weakness class in which attacker-controlled serialized input is deserialized without validation, potentially leading to remote code execution.

Learn More

For a comprehensive understanding of this vulnerability, its severity, technical details, and affected software configurations, refer to the NVD page and the resources listed below.
