Remote Code Execution Vulnerability in Telerik Reporting Prior to 2024 Q1
CVE-2024-1856

8.5HIGH

Key Information:

Vendor: Progress Software
Status: Telerik Reporting
Vendor: CVE Published:; 20 March 2024

Badges

📰 News Worthy

Summary

A code execution vulnerability exists in Progress Telerik Reporting due to insecure deserialization, allowing a remote attacker to execute arbitrary code on the server. This risk is present in all versions prior to 2024 Q1 (18.0.24.130), potentially compromising application integrity. Urgent remediation is required to mitigate risks associated with this security flaw.

Affected Version(s)

Telerik Reporting Q1 2007

News Articles

The Cyber Express

CVE-2024-1801 CVE-2024-1856

CCB Issues Warning On Progress Telerik Vulnerabilities

The Centre for Cybersecurity Belgium issued a security advisory on critical vulnerabilities affecting Progress Telerik products.

7 months ago

thmubnail image

References

https://www.telerik.com/products/reporting.aspx

https://docs.telerik.com/reporting/knowledge-base/deseria...

vendor-advisory

CVSS V3.1

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

📰
First article discovered by The Cyber Express
Jun 6, 2024
Vulnerability published
Mar 20, 2024
Vulnerability Reserved
Feb 23, 2024

Collectors

NVD DatabaseMitre Database1 News Article(s)

Credit

HackerOne: 07842c0e165d4d2d8733dd4eab48b3ed0f7afe38 working with Trend Micro Zero Day Initiative

.