86 matches found
CVE-2023-35814
DevExpress before 23.1.3 does not properly protect XtraReport serialized data in ASP.NET Web Forms. Affects DevExpress XtraReport serialization handling prior to version 23.1.3; impacts confidentiality, integrity and availability as per listed CVSS details. Remediation: upgrade to version 23.1.3 ...
CVE-2022-28684
This vulnerability allows remote attackers to execute arbitrary code on affected installations of DevExpress. Authentication is required to exploit this vulnerability. The specific flaw exists within the SafeBinaryFormatter library. The issue results from the lack of proper validation of...
CVE-2022-41479
The DevExpress Resource Handler (ASPxHttpHandlerModule) in DevExpress ASP.NET Web Forms Build v19.2.3 does not verify the referenced objects in the /DXR.axd?r= HTTP GET parameter. This leads to an Insecure Direct Object References (IDOR) vulnerability which allows attackers to access the application...
CVE-2022-41479
The DevExpress Resource Handler (ASPxHttpHandlerModule) in DevExpress ASP.NET Web Forms Build v19.2.3 does not verify the referenced objects in the /DXR.axd?r= HTTP GET parameter. This leads to an Insecure Direct Object References (IDOR) vulnerability which allows attackers to access the application...
Spoofing
The DevExpress Resource Handler (ASPxHttpHandlerModule) in DevExpress ASP.NET Web Forms Build v19.2.3 does not verify the referenced objects in the /DXR.axd?r= HTTP GET parameter. This leads to an Insecure Direct Object References (IDOR) vulnerability which allows attackers to access the application...
DevExpress ASP.NET Web Forms Security Vulnerability
DevExpress ASP.NET Web Forms is a Web Forms control from DevExpress, USA. A security vulnerability exists in DevExpress ASP.NET Web Forms Build v19.2.3. An attacker can exploit the vulnerability to gain access to the application's source code...
CVE-2022-41479
CVE-2022-41479 affects DevExpress ASP.NET Web Forms Build v19.2.3. The DevExpress Resource Handler (ASPxHttpHandlerModule) does not verify objects referenced by the /DXR.axd?r= HTTP GET parameter, causing an Insecure Direct Object References (IDOR) that can expose the application source code (ven...
PT-2022-25884 · Devexpress · Devexpress Asp.Net
Name of the Vulnerable Software and Affected Versions: DevExpress ASP.NET Web Forms Build version 19.2.3. Description: The DevExpress Resource Handler (ASPxHttpHandlerModule) does not verify the referenced objects in the "/DXR.axd?r=" HTTP GET parameter. This leads to an Insecure Direct Object...
CVE-2022-41479
The DevExpress Resource Handler (ASPxHttpHandlerModule) in DevExpress ASP.NET Web Forms Build v19.2.3 does not verify the referenced objects in the /DXR.axd?r= HTTP GET parameter. This leads to an Insecure Direct Object References (IDOR) vulnerability which allows attackers to access the application...
CVE-2022-41479
The DevExpress Resource Handler (ASPxHttpHandlerModule) in DevExpress ASP.NET Web Forms Build v19.2.3 does not verify the referenced objects in the /DXR.axd?r= HTTP GET parameter. This leads to an Insecure Direct Object References (IDOR) vulnerability which allows attackers to access the application...
Security Bulletin: IBM Robotic Process Automation is vulnerable to arbitrary code execution due to DevExpress SafeBinaryFormatter (CVE-2022-28684)
Summary: DevExpress is used by IBM Robotic Process Automation as part of the Dashboard and some commands. CVE-2022-28684. Vulnerability Details: CVEID: CVE-2022-28684. DESCRIPTION: DevExpress could allow a remote authenticated attacker to execute arbitrary code on the system, caused by deserialization...
CVE-2022-28684
This vulnerability allows remote attackers to execute arbitrary code on affected installations of DevExpress. Authentication is required to exploit this vulnerability. The specific flaw exists within the SafeBinaryFormatter library. The issue results from the lack of proper validation of...
CVE-2022-28684
This vulnerability allows remote attackers to execute arbitrary code on affected installations of DevExpress. Authentication is required to exploit this vulnerability. The specific flaw exists within the SafeBinaryFormatter library. The issue results from the lack of proper validation of...
CVE-2022-28684
This vulnerability allows remote attackers to execute arbitrary code on affected installations of DevExpress. Authentication is required to exploit this vulnerability. The specific flaw exists within the SafeBinaryFormatter library. The issue results from the lack of proper validation of...
Deserialization of untrusted data
This vulnerability allows remote attackers to execute arbitrary code on affected installations of DevExpress. Authentication is required to exploit this vulnerability. The specific flaw exists within the SafeBinaryFormatter library. The issue results from the lack of proper validation of...
EUVD-2022-33126
This vulnerability allows remote attackers to execute arbitrary code on affected installations of DevExpress. Authentication is required to exploit this vulnerability. The specific flaw exists within the SafeBinaryFormatter library. The issue results from the lack of proper validation of...
CVE-2022-28684
CVE-2022-28684 describes a remote code execution via deserialization in DevExpress SafeBinaryFormatter. Exploitation requires authentication; impact is high (Confidentiality/Integrity/Availability). Affected: IBM Robotic Process Automation < 21.0.4 and IBM Robotic Process Automation for Clou...
CVE-2022-28684
This vulnerability allows remote attackers to execute arbitrary code on affected installations of DevExpress. Authentication is required to exploit this vulnerability. The specific flaw exists within the SafeBinaryFormatter library. The issue results from the lack of proper validation of...
DevExpress Code Issue Vulnerability
DevExpress is a software from DevExpress, Inc. for providing best-in-class UI controls, tools and frameworks for WinForms, ASP.NET, MVC, Blazor, ASP.NET Core, WPF, VCL, Xamarin and JavaScript. A code issue vulnerability exists in DevExpress SafeBinaryFormatter that stems from a lack of proper...
DevExpress SafeBinaryFormatter Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of DevExpress. Authentication is required to exploit this vulnerability. The specific flaw exists within the SafeBinaryFormatter library. The issue results from the lack of proper validation of...