Insecure Deserialization Vulnerability in Progress Telerik UI for WinForms
CVE-2024-10013

7.8HIGH

Key Information:

Vendor: Progress
Status: Ui For Winforms
Vendor: CVE Published:; 13 November 2024

Summary

An insecure deserialization vulnerability has been identified in Progress Telerik UI for WinForms, which prior to the 2024 Q4 release, allows attackers to exploit the application by executing arbitrary code. This vulnerability arises when an application processes untrusted data, exposing it to potential code execution attacks. Organizations using the affected versions should take immediate action to update their software to ensure the integrity and security of their applications.

References

https://docs.telerik.com/devtools/winforms/knowledge-base...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 13, 2024