CISA Known Exploited Vulnerability
This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.
Remediation Deadline: Feb 16, 2023
High
CISA KEV, Ransomware, CVE-2017-11357
Telerik—User Interface (UI) for ASP.NET AJAX
Telerik UI for ASP.NET AJAX contains an insecure direct object reference vulnerability in RadAsyncUpload that can result in file uploads in a limited location and/or remote code execution.
Required Action
https://docs.telerik.com/devtools/aspnet-ajax/knowledge-base/asyncupload-insecure-direct-object-reference; https://nvd.nist.gov/vuln/detail/CVE-2017-11357
Vulnerability Overview
- Severity: High
- CISA KEV: Yes
- Ransomware: Known
- Published: Jan 26, 2023
- KEV Added: Jan 26, 2023
- Due Date: Feb 16, 2023
Vendor
Telerik
User Interface (UI) for ASP.NET AJAX