PT-2021-17767 · Progress · Progress Telerik UI for ASP.NET AJAX

Published: 2021-03-11 · Updated: 2025-06-30 · CVE-2021-28141

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Progress Telerik UI for ASP.NET AJAX version 2021.1.224
Description: An issue was discovered in Progress Telerik UI for ASP.NET AJAX, allowing unauthorized access to MicrosoftAjax.js through the Telerik.Web.UI.WebResource.axd file. This may allow an attacker to gain unauthorized access to the server and execute code. To exploit, one must use the parameter TSM HiddenField and inject a command at the end of the URI.
Recommendations: For version 2021.1.224, consider restricting access to the Telerik.Web.UI.WebResource.axd file to minimize the risk of exploitation. As a temporary workaround, avoid using the parameter TSM HiddenField in the affected URI until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Weakness Enumeration: Missing Authorization

Related Identifiers: CVE-2021-28141

Affected Products: Progress Telerik UI for ASP.NET AJAX