Progress discloses second critical flaw in Telerik Report Server in as many months

July 26, 2024 at 09:37AM
Progress Software’s latest security advisory warns about a critical CVE-2024-6327 vulnerability in Telerik Report Server, with potential for remote code execution on versions prior to 10.1.24.709. There’s special concern due to previous successful attacks via a similar vulnerability. Another CVE-2024-6096 vulnerability in Telerik Reporting also poses a serious risk, requiring …

Critical Flaw in Telerik Report Server Poses Remote Code Execution Risk

July 26, 2024 at 01:13AM
Progress Software has identified a critical security flaw (CVE-2024-6327) in Telerik Report Server versions prior to 2024 Q2 (10.1.24.709) that could lead to remote code execution due to an insecure deserialization vulnerability. Users are advised to update to version 10.1.24.709 and take temporary mitigation measures. Another vulnerability (CVE-2024-4358) was patched …

Progress warns of critical RCE bug in Telerik Report Server

July 25, 2024 at 11:49AM
Progress Software has issued a warning to patch a critical remote code execution security flaw in the Telerik Report Server, impacting Report Server 2024 Q2 and earlier. This vulnerability allows attackers to gain remote code execution on unpatched servers. Progress advises upgrading to version 2024 Q2 (10.1.24.709) or later, offering …

Telerik Report Server Flaw Could Let Attackers Create Rogue Admin Accounts

June 4, 2024 at 11:07AM
Progress Software has released updates to address a critical security flaw in Telerik Report Server, allowing potential bypass of authentication and creation of rogue administrator users. Tracked as CVE-2024-4358, the flaw carries a high CVSS score of 9.8. Users are urged to update to version 2024 Q2 and review user …

Progress Patches Critical Vulnerability in Telerik Report Server

June 4, 2024 at 08:39AM
A critical vulnerability (CVE-2024-4358, CVSS 9.8) in Progress Software’s Telerik Report Server allows remote attackers to bypass authentication, creating an admin user. An exploited deserialization flaw (CVE-2024-1800) enables remote code execution. Progress addressed both vulnerabilities in version 2024 Q1 (10.0.24.305). Users should update promptly to prevent exploitation. Based on the …

Exploit for critical Progress Telerik auth bypass released, patch now

June 3, 2024 at 02:01PM
Researchers have demonstrated a chained remote code execution vulnerability on Progress Telerik Report Servers. The exploit, developed by Sina Kheirkhah with assistance from Soroush Dalili, involves an authentication bypass and deserialization issue. Urgent updates (Telerik Report Server 2024 Q2 10.1.24.514 or later) are recommended. Progress Software’s history warrants prompt action …