Vulnerability Details : CVE-2021-28141
Potential exploit
An issue was discovered in Progress Telerik UI for ASP.NET AJAX 2021.1.224. It allows unauthorized access to MicrosoftAjax.js through the Telerik.Web.UI.WebResource.axd file. This may allow the attacker to gain unauthorized access to the server and execute code. To exploit, one must use the parameter _TSM_HiddenField_ and inject a command at the end of the URI. NOTE: the vendor states that this is not a vulnerability. The request's output does not indicate that a "true" command was executed on the server, and the request's output does not leak any private source code or data from the server.
Vulnerability category: Execute code; Bypass
Products affected by CVE-2021-28141
- cpe:2.3:a:telerik:ui_for_asp.net_ajax:2021.1.224:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-28141
EPSS score: 1.04% (probability of exploitation activity in the next 30 days)
EPSS percentile: ~75% (the proportion of vulnerabilities scored at or below this value)
CVSS scores for CVE-2021-28141
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2021-28141
- The product does not perform an authorization check when an actor attempts to access a resource or perform an action. Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-28141
- https://pastebin.com/JULpfvFJ (Vulnerability.txt - Pastebin.com): Exploit; Third Party Advisory
- https://gist.github.com/shreyasfegade/e2480e26b2ed1d0c7175ecf7cb15f9c1 (CVE-2021-28141.txt · GitHub): Exploit; Third Party Advisory