CVE-2019-18935: Progress Telerik UI for ASP.NET AJAX Deserialization of
Progress Telerik UI for ASP.NET AJAX Deserialization of Untrusted Data Vulnerability. Progress Telerik UI for ASP.NET AJAX contains a deserialization of untrusted data vulnerability through RadAsyncUpload which leads to code execution on the server in the context of the w3wp.exe process.
- CISA KEV-listed (remediation due 2022-05-03)
- used in ransomware campaigns
- EPSS 93.7% (99.9% percentile)