← ExploitWatch
HomeExploited Vulnerabilities

CVE-2019-18935 — Actively Exploited: Telerik UI for ASP.NET AJAX (Progress)

Progress Telerik UI for ASP.NET AJAX contains a deserialization of untrusted data vulnerability through RadAsyncUpload which leads to code execution on the server in the context of the w3wp.exe process.

CVE IDCVE-2019-18935
VendorProgress
ProductTelerik UI for ASP.NET AJAX
Vulnerability nameProgress Telerik UI for ASP.NET AJAX Deserialization of Untrusted Data Vulnerability
Date added2021-11-03
Remediation due2022-05-03
Known ransomware useKnown
Required actionApply updates per vendor instructions.
DescriptionProgress Telerik UI for ASP.NET AJAX contains a deserialization of untrusted data vulnerability through RadAsyncUpload which leads to code execution on the server in the context of the w3wp.exe process.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →