CVE-2023-35814 | THREATINT

Description

DevExpress before 23.1.3 does not properly protect XtraReport serialized data in ASP.NET web forms.

PUBLISHED Reserved 2023-06-17 | Published 2025-04-28 | Updated 2025-04-28 | Assigner mitre

LOW: 3.5CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N

Default status

unaffected

Any version before 21.2.12

affected

22 (custom) before 22.1.7

affected

22.1.8 (custom) before 22.1.9

affected

22.2 (custom) before 22.2.3

affected

22.2.4 (custom) before 22.2.6

affected

23 (custom) before 23.1.3

affected

Download JSON