Vulnerabilities > CVE-2018-17060 - Unspecified vulnerability in Progress Telerik Extensions FOR Asp.Net MVC

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

progress

NVD

Published: 2018-10-08

Updated: 2020-08-24

Summary

Telerik Extensions for ASP.NET MVC (all versions) does not whitelist requests, which can allow a remote attacker to access files inside the server's web directory. NOTE: this product has been obsolete since June 2013.

Vulnerable Configurations

Part	Description	Count
Application	Progress Progress Telerik Extensions FOR Asp.Net MVC *	1

References

https://www.telerik.com/support/code-library/security-alert-for-the-obsolete-telerik-extensions-for-asp-net-mvc