Description
Kentico CMS is an ASP.NET web content management system.
The Kentico CMS API performs .NET deserialization on user-supplied data. Arbitrary object deserialization is inherently unsafe and should never be performed on untrusted data.
Remediation
Upgrade to the latest version of Kentico CMS.