Telerik Reporting at Risk of Code Execution Attack Due to Insecure Deserialization Vulnerability
CVE-2024-1801

7.8HIGH

Key Information:

Vendor: Progress Software
Status: Telerik Reporting
Vendor: CVE Published:; 20 March 2024

Badges

👾 Exploit Exists📰 News Worthy

Summary

The vulnerability identified in Progress Telerik Reporting prior to the 2024 Q1 release (version 18.0.24.130) poses a significant risk due to insecure deserialization. This weakness enables local attackers to exploit the system by potentially executing arbitrary code, leveraging the deserialize mechanism inappropriately. Organizations utilizing affected versions should be aware of the inherent risks and apply necessary security measures to mitigate the threat.

Affected Version(s)

Telerik Reporting Q1 2007

News Articles

🔗The Cyber Express

CVE-2024-1801 CVE-2024-1856

CCB Issues Warning On Progress Telerik Vulnerabilities

The Centre for Cybersecurity Belgium issued a security advisory on critical vulnerabilities affecting Progress Telerik products.

8 months ago

References

https://www.telerik.com/products/reporting.aspx

product

https://docs.telerik.com/reporting/knowledge-base/deseria...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Jun 6, 2024
📰
First article discovered by The Cyber Express
Jun 6, 2024
Vulnerability published
Mar 20, 2024
Vulnerability Reserved
Feb 22, 2024

Credit

HackerOne: 07842c0e165d4d2d8733dd4eab48b3ed0f7afe38 working with Trend Micro Zero Day Initiative

Key Information:

Badges

Summary

Affected Version(s)

Get notified when SecurityVulnerability.io launches alerting 🔔

News Articles

CCB Issues Warning On Progress Telerik Vulnerabilities

References

CVSS V3.1

Timeline

Credit