Telerik Reporting at Risk of Code Execution Attack Due to Insecure Deserialization Vulnerability
CVE-2024-1801

7.7HIGH

Key Information:

Vendor

Progress Software
Status
Telerik Reporting
Vendor
CVE Published:
20 March 2024

Badges

๐Ÿ‘พ Exploit Exists๐Ÿ“ฐ News Worthy

What is CVE-2024-1801?

The vulnerability identified in Progress Telerik Reporting prior to the 2024 Q1 release (version 18.0.24.130) poses a significant risk due to insecure deserialization. This weakness enables local attackers to exploit the system by potentially executing arbitrary code, leveraging the deserialize mechanism inappropriately. Organizations utilizing affected versions should be aware of the inherent risks and apply necessary security measures to mitigate the threat.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Telerik Reporting Q1 2007

News Articles

favicon imageThe Cyber Express

CCB Issues Warning On Progress Telerik Vulnerabilities

The Centre for Cybersecurity Belgium issued a security advisory on critical vulnerabilities affecting Progress Telerik products.

References

https://www.telerik.com/products/reporting.aspx
product
https://docs.telerik.com/reporting/knowledge-base/deseria...
vendor-advisory

CVSS V3.1

Score:
7.7
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • ๐Ÿ‘พ

    Exploit known to exist

  • ๐Ÿ“ฐ

    First article discovered by The Cyber Express

  • Vulnerability published

  • Vulnerability Reserved

Credit

HackerOne: 07842c0e165d4d2d8733dd4eab48b3ed0f7afe38 working with Trend Micro Zero Day Initiative
JSON
.