Known Exploited Vulnerability: CVE-2017-11357

Telerik UI for ASP.NET AJAX Insecure Direct Object Reference Vulnerability

Catalog version: 2026.07.16 Date added: 2023-01-26 Due date: 2023-02-16 CISA catalog

Vendor: Telerik

Product: User Interface (UI) for ASP.NET AJAX

Required action: Apply updates per vendor instructions.

Known ransomware campaign use: Known

Notes: https://docs.telerik.com/devtools/aspnet-ajax/knowledge-base/asyncupload-insecure-direct-object-reference https://nvd.nist.gov/vuln/detail/CVE-2017-11357

CWEs

cvelogic Threat Intelligence