Home Analyst Portal


Konstantin_Slavin-BoKonstantin_Slavin-Bo Customer Ninja IT Monkey ✭✭✭✭

CISA just issued an alert for an old Telerik exploit exploited on a government website (ref: https://www.cisa.gov/news-events/alerts/2023/03/15/threat-actors-exploited-progress-telerik-vulnerability-us-government-iis-server).

Telerik themselves has this post about this older vulnerability: https://docs.telerik.com/devtools/aspnet-ajax/knowledge-base/common-allows-javascriptserializer-deserialization

Apparently, before v2020.1.114 needs a non-default setting applied to mitigate this.

Is the AP affected (running v2018 something iirc) and, if so, are there any plans for mitigation?



Sign In or Register to comment.