Advisory

Progress Telerik fixes another critical issue in Report Server

Take action: If you are using Progress Telerik Report Server, patch as soon as possible, or apply the mitigation while you plan the patch. Isolating the server from the internet helps, but only to a limited extent. This is the third critical issue in Telerik Report Server in two months, so patching promptly is wise.


Learn More

Progress Software has fixed a critical remote code execution vulnerability in the Telerik Report Server, tracked as CVE-2024-6327 (CVSS score 9.9). Telerik Report Server is a web-based application, designed for creating, managing, and delivering reports.

The flaw impacts versions of Telerik Report Server prior to 2024 Q2 (10.1.24.709). It enables remote code execution through an insecure deserialization flaw. Exploiting this vulnerability could allow attackers to compromise affected systems.

The specific vulnerability was resolved in version 2024 Q2 (10.1.24.709). Progress Software strongly recommends updating to this latest version to mitigate the risk entirely. As a mitigating measure, users can temporarily change the Report Server Application Pool to one with limited permissions until they can update to the fixed version.
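The interim mitigation above can be applied in IIS from an elevated PowerShell session. The following is an added example, not code from Progress Software or from the advisory; it assumes Report Server is deployed as its own IIS site, and the site and pool names are placeholders you must adjust.

```powershell
# Added example (not from the advisory or Progress Software): move the Telerik Report Server
# IIS site to a new application pool running as the low-privilege virtual account
# ApplicationPoolIdentity, as an interim measure until 2024 Q2 (10.1.24.709) is installed.
# Assumptions: $SiteName is a placeholder for your site; Report Server is its own IIS site.
#Requires -RunAsAdministrator
Import-Module WebAdministration

$SiteName = 'TelerikReportServer'             # assumed site name; adjust to your deployment
$NewPool  = 'TelerikReportServer-Restricted'  # assumed name for the new restricted pool

# Record the pool the site currently uses and its identity, so the change can be reverted.
$site        = Get-Item "IIS:\Sites\$SiteName"
$oldPool     = $site.applicationPool
$oldIdentity = (Get-ItemProperty "IIS:\AppPools\$oldPool" -Name processModel).identityType
Write-Host "Current pool '$oldPool' runs as '$oldIdentity'"

# Create the restricted pool if needed and run it as 'IIS AppPool\<poolname>'
# (ApplicationPoolIdentity) instead of LocalSystem or a privileged domain account.
if (-not (Test-Path "IIS:\AppPools\$NewPool")) {
    New-WebAppPool -Name $NewPool | Out-Null
}
Set-ItemProperty "IIS:\AppPools\$NewPool" -Name processModel.identityType -Value 'ApplicationPoolIdentity'

# Grant the virtual account read/execute only on the site's content directory (no write).
icacls $site.physicalPath /grant "IIS AppPool\${NewPool}:(OI)(CI)RX" /T | Out-Null

# Bind the site to the restricted pool and make sure the pool is running.
Set-ItemProperty "IIS:\Sites\$SiteName" -Name applicationPool -Value $NewPool
if ((Get-WebAppPoolState -Name $NewPool).Value -ne 'Started') {
    Start-WebAppPool -Name $NewPool
}

# Verify the site now runs in the restricted pool.
$after = (Get-Item "IIS:\Sites\$SiteName").applicationPool
if ($after -ne $NewPool) { throw "Site '$SiteName' is still bound to pool '$after'" }
Write-Host "Site '$SiteName' now runs in pool '$NewPool' as ApplicationPoolIdentity"
```

If the application needs to write to a specific data directory, grant that path separately rather than widening permissions on the whole site, and remove the temporary pool once the fixed version is installed.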

Progress Software has not disclosed whether CVE-2024-6327 has been exploited in the wild.
