Vulnerability Description
All versions of package ajaxpro.2 are vulnerable to Deserialization of Untrusted Data due to the possibility of deserialization of arbitrary .NET classes, which can be abused to gain remote code execution.
CVSS Score
8.1
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ajaxpro.2 Project | Ajaxpro.2 | < 21.10.30.1 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/175677/AjaxPro-Deserialization-Remote-Code-
- https://github.com/michaelschwarz/Ajax.NET-Professional/commit/b0e63be5f0bb20dfcPatchThird Party Advisory
- https://snyk.io/vuln/SNYK-DOTNET-AJAXPRO2-1925971Third Party Advisory
- http://packetstormsecurity.com/files/175677/AjaxPro-Deserialization-Remote-Code-
- https://github.com/michaelschwarz/Ajax.NET-Professional/commit/b0e63be5f0bb20dfcPatchThird Party Advisory
- https://snyk.io/vuln/SNYK-DOTNET-AJAXPRO2-1925971Third Party Advisory
FAQ
What is CVE-2021-23758?
CVE-2021-23758 is a vulnerability with a CVSS score of 8.1 (HIGH). All versions of package ajaxpro.2 are vulnerable to Deserialization of Untrusted Data due to the possibility of deserialization of arbitrary .NET classes, which can be abused to gain remote code execu...
How severe is CVE-2021-23758?
CVE-2021-23758 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-23758?
Check the references section above for vendor advisories and patch information. Affected products include: Ajaxpro.2 Project Ajaxpro.2.