Remote Code Execution Vulnerability in Telerik Report Server

CVE-2024-6327
9.8 CRITICAL

Key Information

Vendor
Progress Software Corporation
Status
Telerik Report Server
Vendor
CVE Published:
24 July 2024

Badges

😄 Trended · 👾 Exploit Exists · 📰 News Worthy

Summary

The CVE-2024-6327 vulnerability is a remote code execution flaw in Progress Software Corporation's Telerik Report Server solution. This vulnerability, as well as the related CVE-2024-6096, can allow attackers to remotely execute code on the underlying server. Progress Software has issued upgrades to its Telerik Reporting and Telerik Report Server solutions to address these vulnerabilities, and users are urged to upgrade as soon as possible to prevent exploitation. There is no known exploitation of the vulnerabilities in the wild, but the company's solutions have been targeted by attackers in the past, making prompt upgrades essential for security.

Affected Version(s)

Telerik Report Server <= 1.00

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability started trending.

  • 👾 Exploit exists.

  • First article discovered by BleepingComputer

  • Vulnerability published.

  • Vulnerability Reserved.

Collectors

NVD Database · Mitre Database · 6 News Article(s)