
CVE-2019-18935

Konstantin_Slavin-Bo Customer Ninja IT Monkey ✭✭✭✭

CISA just issued an alert for an old Telerik exploit exploited on a government website (ref: https://www.cisa.gov/news-events/alerts/2023/03/15/threat-actors-exploited-progress-telerik-vulnerability-us-government-iis-server).

Telerik themselves have this post about this older vulnerability: https://docs.telerik.com/devtools/aspnet-ajax/knowledge-base/common-allows-javascriptserializer-deserialization

Apparently, versions before v2020.1.114 need a non-default setting applied to mitigate this.

Is the AP affected (running v2018 something iirc) and, if so, are there any plans for mitigation?

Thanks!
