AI description
CVE-2024-10095 is a code execution vulnerability affecting Progress Telerik UI for WPF versions prior to 2024 Q4 (2024.4.1213). It stems from an insecure deserialization flaw within the PersistenceFramework. The vulnerability, classified as CWE-502 (Deserialization of Untrusted Data), allows attackers to potentially execute arbitrary code locally on a system. Exploitation is possible due to the improper handling of deserialization processes.
- Description: In Progress Telerik UI for WPF versions prior to 2024 Q4 (2024.4.1213), a code execution attack is possible through an insecure deserialization vulnerability.
- Source: security@progress.com
- NVD status: Analyzed
CVSS 3.1
- Type: Primary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
- security@progress.com: CWE-502
- Hype score: Not currently trending
In one of #Telerik's recent updates, I noticed a fix for CVE-2024-10095, an insecure deserialization vulnerability in their UI for WPF. So I thought, what a perfect time for a patch analysis :) Check it out here: https://t.co/01n0v1JiTm
@arm1yon
18 Mar 2025
8073 Impressions
18 Retweets
86 Likes
36 Bookmarks
2 Replies
2 Quotes
🚨 CVE-2024-10095 (Published: 2024-12-16) - A high-severity vulnerability in Telerik products affects specific versions. Ensure you update to the latest version to mitigate risks. For detailed remediation steps, check the official documentation: https://t.co/ZPtUVjNdfN… https://t
@transilienceai
19 Dec 2024
82 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-10095 (Published: 2024-12-16) - A high-severity vulnerability in Telerik products. Affects specific versions with unsafe deserialization issues. 🛠️ Remediation is crucial! Check the details and patch your systems: https://t.co/ZPtUVjNdfN #CyberSecurity #Telerik
@transilienceai
19 Dec 2024
59 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-10095 (Published: 2024-12-16) - A high-severity vulnerability in Telerik products. Affects specific versions prone to unsafe deserialization. 🔒 Remediation is crucial! Check the details and secure your applications: https://t.co/ZPtUVjNdfN #CyberSecurity #Telerik
@transilienceai
17 Dec 2024
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-10095 (Published: 2024-12-16) - A high-severity vulnerability in Telerik products. Affects specific versions with unsafe deserialization issues. 🔒 Remediation is crucial! Check the details and secure your systems: https://t.co/ZPtUVjNdfN #CyberSecurity #Telerik
@transilienceai
17 Dec 2024
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-10095 Code Execution Via Insecure Deserialization in Telerik UI for WPF In Progress Telerik UI for WPF, versions before 2024 Q4 (2024.4.1213), there's an insecure deserialization vulnerability. This can ... https://t.co/VKympUaAwM
@VulmonFeeds
17 Dec 2024
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-10095 In Progress Telerik UI for WPF versions prior to 2024 Q4 (2024.4.1213), a code execution attack is possible through an insecure deserialization vulnerability. https://t.co/rD2PYc4xQD
@CVEnew
16 Dec 2024
381 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:telerik:ui_for_wpf:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "49231DFA-90F4-45A3-8257-3CA0EFC1526B",
            "versionEndExcluding": "24.4.1213"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]