6.10.6.2

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

ajaxpro-2-project

CWE-502

critical

NVD

Published: 2021-12-03

Updated: 2023-11-14

Summary

All versions of package ajaxpro.2 are vulnerable to Deserialization of Untrusted Data due to the possibility of deserialization of arbitrary .NET classes, which can be abused to gain remote code execution.

Vulnerable Configurations

Part	Description	Count
Application	Ajaxpro.2_Project Ajaxpro.2 Project Ajaxpro.2 - Ajaxpro.2 Project Ajaxpro.2 2.9.17.2 Ajaxpro.2 Project Ajaxpro.2 6.10.6.2	3

Common Weakness Enumeration (CWE)

CWE-502 - Deserialization of Untrusted Data

References

https://github.com/michaelschwarz/Ajax.NET-Professional/commit/b0e63be5f0bb20dfce507cb8a1a9568f6e73de57
https://snyk.io/vuln/SNYK-DOTNET-AJAXPRO2-1925971
http://packetstormsecurity.com/files/175677/AjaxPro-Deserialization-Remote-Code-Execution.html