Security News > 2024 > July > Progress warns of critical RCE bug in Telerik Report Server
![Progress warns of critical RCE bug in Telerik Report Server](/static/build/img/news/progress-warns-of-critical-rce-bug-in-telerik-report-server-medium.jpg)
Progress Software has warned customers to patch a critical remote code execution security flaw in the Telerik Report Server that can be used to compromise vulnerable devices.
As a server-based reporting platform, Telerik Report Server provides centralized storage for reports and the tools needed to create, deploy, deliver, and manage them across an organization.
The vulnerability impacts Report Server 2024 Q2 and earlier and was patched in version 2024 Q2. "Updating to Report Server 2024 Q2 or later is the only way to remove this vulnerability," the business software maker warned in a Wednesday advisory.
Go to your Report Server web UI and log in using an account with administrator rights.
In 2022, a U.S. federal agency's Microsoft Internet Information Services web server was hacked by exploiting the CVE-2019-18935 critical Progress Telerik UI vulnerability, which is included in the FBI's list of top targeted vulnerabilities and the NSA's top 25 security bugs abused by Chinese hackers.
New regreSSHion OpenSSH RCE bug gives root on Linux servers.
News URL
Related news
- Progress fixes critical RCE flaw in Telerik Report Server, upgrade ASAP! (CVE-2024-6327) (source)
- Critical RCE flaws in vCenter Server fixed (CVE-2024-37079, CVE-2024-37080) (source)
- Week in review: CDK Global cyberattack, critical vCenter Server RCE fixed (source)
- Critical Flaw in Telerik Report Server Poses Remote Code Execution Risk (source)
- Exploit for critical Progress Telerik auth bypass released, patch now (source)
- PoC for Progress Telerik RCE chain released (CVE-2024-4358, CVE-2024-1800) (source)
- Telerik Report Server Flaw Could Let Attackers Create Rogue Admin Accounts (source)
- PHP fixes critical RCE flaw impacting all versions for Windows (source)
- TellYouThePass ransomware exploits recent PHP RCE flaw to breach servers (source)
- VMware fixes critical vCenter RCE vulnerability, patch now (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-12-11 | CVE-2019-18935 | Deserialization of Untrusted Data vulnerability in Telerik UI for Asp.Net Ajax Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. | 9.8 |