DevExpress
cpe:2.3:a:devexpress:devexpress:*:*:*:*:*:*:*
- < 23.1.3
- < 22.2.6
- < 22.2.3
- < 22.1.9
- < 22.1.7
- < 21.2.12
A vulnerability exists in DevExpress products prior to version 23.1.3, including versions 22.2.6, 22.2.3, 22.1.9, 22.1.7, and 21.2.12. It allows the data-source protection mechanism to be bypassed during the deserialization of XML data, which could be exploited to manipulate or access protected data sources.
Exploitation of this vulnerability can lead to unauthorized access or manipulation of data sources by bypassing the intended protection mechanisms.
The vulnerability can be reproduced by deserializing XML data that is crafted to exploit the data-source protection mechanism. This can be done in an environment running a vulnerable version of DevExpress.
Users are advised to update to DevExpress version 23.1.3 or later, where this vulnerability has been addressed.