Insecure Deserialization Vulnerability in Telerik UI for WPF
CVE-2024-10095
9.8CRITICAL
Key Information:
- Vendor
- Progress Software
- Status
- Vendor
- CVE Published:
- 16 December 2024
Summary
CVE-2024-10095 identifies a critical insecure deserialization flaw within Progress Telerik UI for WPF versions prior to 2024 Q4 (2024.4.1213). This vulnerability can be exploited to execute arbitrary code within the affected application, posing significant risks to users' systems. It's crucial for organizations using the affected versions to upgrade promptly to safeguard against potential attacks.
Affected Version(s)
Telerik UI for WPF Windows 0 < 2024.4.1213
References
CVSS V3.1
Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD DatabaseMitre Database