Progress Patches Critical Telerik Report Server Vulnerability

July 26, 2024 at 10:39AM Progress Software has alerted users to a critical-severity vulnerability (CVE-2024-6327) in its Telerik Report Server product, enabling remote code execution. Version 2024 Q2 (10.1.24.709) addresses the flaw, urging immediate user updates. Temporary mitigation includes altering the user for the Report Server Application Pool. Threat actors have exploited similar vulnerabilities, prompting … Read more

Progress discloses second critical flaw in Telerik Report Server in as many months

July 26, 2024 at 09:37AM Progress Software’s latest security advisory warns about a critical CVE-2024-6327 vulnerability in Telerik Report Server, with potential for remote code execution on versions prior to 10.1.24.709. There’s special concern due to previous successful attacks via a similar vulnerability. Another CVE-2024-6096 vulnerability in Telerik Reporting also poses a serious risk, requiring … Read more

Critical Flaw in Telerik Report Server Poses Remote Code Execution Risk

July 26, 2024 at 01:13AM Progress Software has identified a critical security flaw (CVE-2024-6327) in Telerik Report Server versions prior to 2024 Q2 (10.1.24.709) that could lead to remote code execution due to an insecure deserialization vulnerability. Users are advised to update to version 10.1.24.709 and take temporary mitigation measures. Another vulnerability (CVE-2024-4358) was patched … Read more