Critical Flaw in Telerik Report Server Poses Remote Code Execution Risk (Security News, July 2024)
![Critical Flaw in Telerik Report Server Poses Remote Code Execution Risk](/static/build/img/news/critical-flaw-in-telerik-report-server-poses-remote-code-execution-risk-medium.jpg)
Progress Software is urging users to update their Telerik Report Server instances following the discovery of a critical security flaw that could result in remote code execution.
The vulnerability, tracked as CVE-2024-6327, impacts Report Server version 2024 Q2 and earlier.
"In Progress Telerik Report Server versions prior to 2024 Q2, a remote code execution attack is possible through an insecure deserialization vulnerability," the company said in an advisory.
Deserialization flaws arise when an application reconstructs objects from attacker-controlled data without adequate validation, which can allow the attacker to execute unauthorized commands.
As a temporary mitigation, the company recommends changing the user account of the Report Server Application Pool to one with limited permissions.
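The app pool identity change described above, as an added PowerShell example that is not part of the article or of Progress/Telerik's own guidance; it assumes the IIS WebAdministration module, an elevated session, and placeholder values for the pool name and the pre-created low-privilege account (these vary per installation):

```powershell
# Added example (not from the advisory or Telerik): audit IIS application pool
# identities and move the Report Server pool to a limited-permission account,
# the temporary mitigation named above. Requires the WebAdministration module
# (IIS management tools) in an elevated PowerShell session.
Import-Module WebAdministration

$PoolName       = 'TelerikReportServer'       # placeholder: actual pool name varies
$LimitedAccount = 'DOMAIN\svc_reportserver'   # placeholder: pre-created low-privilege user

# 1. Audit: list every pool and flag identities that run with high privilege.
#    A pool running as LocalSystem hands an attacker who reaches the
#    deserialization bug full control of the host.
Get-ChildItem 'IIS:\AppPools' | ForEach-Object {
    $pm = Get-ItemProperty -Path "IIS:\AppPools\$($_.Name)" -Name processModel
    $identity = if ($pm.identityType -eq 'SpecificUser') { $pm.userName } else { $pm.identityType }
    $note = if ($pm.identityType -eq 'LocalSystem') { 'HIGH-PRIVILEGE' } else { '' }
    [pscustomobject]@{ Pool = $_.Name; Identity = $identity; Note = $note }
} | Format-Table -AutoSize

# 2. Mitigate: switch the Report Server pool to the limited account.
#    The password is prompted for so it is never stored in the script.
$cred = Get-Credential -UserName $LimitedAccount -Message 'Password for the limited app pool account'
Set-ItemProperty -Path "IIS:\AppPools\$PoolName" -Name processModel -Value @{
    identityType = 'SpecificUser'
    userName     = $cred.UserName
    password     = $cred.GetNetworkCredential().Password
}
Restart-WebAppPool -Name $PoolName

# 3. Verify the change took effect.
(Get-ItemProperty -Path "IIS:\AppPools\$PoolName" -Name processModel).userName
```

The limited account still needs whatever file and folder permissions the Report Server requires to operate, so confirm the application starts and renders reports after the restart.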
The disclosure comes nearly two months after the company patched another critical shortcoming in the same software that could be abused by a remote attacker to bypass authentication and create rogue administrator users.
News URL
https://thehackernews.com/2024/07/critical-flaw-in-telerik-report-server.html
Related news
- New PHP Vulnerability Exposes Windows Servers to Remote Code Execution (source)
- Mailcow Mail Server Flaws Expose Servers to Remote Code Execution (source)
- Progress warns of critical RCE bug in Telerik Report Server (source)
- Progress fixes critical RCE flaw in Telerik Report Server, upgrade ASAP! (CVE-2024-6327) (source)
- Telerik Report Server Flaw Could Let Attackers Create Rogue Admin Accounts (source)
- ASUS warns of critical remote authentication bypass on 7 routers (source)
- Critical RCE flaws in vCenter Server fixed (CVE-2024-37079, CVE-2024-37080) (source)
- Week in review: CDK Global cyberattack, critical vCenter Server RCE fixed (source)
- Ollama drama as 'easy-to-exploit' critical flaw found in open source AI server (source)
- New OpenSSH Vulnerability Discovered: Potential Remote Code Execution Risk (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-24 | CVE-2024-6327 | In Progress® Telerik® Report Server versions prior to 2024 Q2 (10.1.24.709), a remote code execution attack is possible through an insecure deserialization vulnerability. | 0.0 |