Description

Kentico CMS is an ASP.NET web content management system.

Kentico CMS API uses .NET deserialization of user-supplied data. Arbitrary object deserialization is inherently unsafe, and should never be performed on untrusted data.

Remediation

Upgrade to the latest version of Kentico CMS

References

Hotfixes

Related Vulnerabilities

WordPress Plugin Visualizer:Tables and Charts Manager for WordPress PHAR Deserialization (3.7.9)

Oracle E-Business Suite SQL injection (CVE-2017-3549)

Telerik Web UI RadAsyncUpload Deserialization

WordPress 5.0.x Multiple Vulnerabilities (5.0 - 5.0.10)

WordPress Plugin Migration, Backup, Staging-WPvivid PHAR Deserialization (0.9.74)

Severity

High

Classification

CWE-502 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Tags

Insecure Deserialization Acumonitor