Telerik UI for ASP.NET AJAX Insecure Direct Object Reference Vulnerability

Known Exploited Vulnerability

CVE-2017-11357, Telerik UI for ASP.NET AJAX Insecure Direct Object Reference Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Telerik UI for ASP.NET AJAX contains an insecure direct object reference vulnerability in RadAsyncUpload that can result in file uploads in a limited location and/or remote code execution.

The following remediation steps are recommended / required by February 16, 2023: Apply updates per vendor instructions.