CVE-2018-15122

HIGH

Progress Telerik <2018.1.323.2-2018.2.605.0 - Code Injection

Title source: llm
STIX 2.1

Description

An issue found in Progress Telerik JustAssembly through 2018.1.323.2 and JustDecompile through 2018.2.605.0 makes it possible to execute code by decompiling a compiled .NET object (such as DLL or EXE) with an embedded resource file by clicking on the resource.

Scores

CVSS v3 7.8
EPSS 0.0119
EPSS Percentile 64.1%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-20
Status published
Products (2)
telerik/justassembly 2018.1.323.2
telerik/justdecompile 2018.2.605.0
Published Aug 16, 2018
Tracked Since Feb 18, 2026