Remote Code Execution Vulnerability in Telerik Reporting Prior to 2024 Q1
CVE-2024-1856
8.5 HIGH
Key Information:
- Vendor: Progress Software
- Status
- Vendor
- CVE Published: 20 March 2024
Badges
News Worthy
What is CVE-2024-1856?
A code execution vulnerability exists in Progress Telerik Reporting due to insecure deserialization, allowing a remote attacker to execute arbitrary code on the server. This risk is present in all versions prior to 2024 Q1 (18.0.24.130), potentially compromising application integrity. Urgent remediation is required to mitigate risks associated with this security flaw.

Affected Version(s)
Telerik Reporting Q1 2007
CVSS V3.1
- Score: 8.5
- Severity: HIGH
- Confidentiality: High
- Integrity: High
- Availability: High
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: None
- Scope: Changed
Timeline
- First article discovered by The Cyber Express
- Vulnerability published
- Vulnerability Reserved
Credit
HackerOne: 07842c0e165d4d2d8733dd4eab48b3ed0f7afe38 working with Trend Micro Zero Day Initiative