07842C0E165D4D2D8733Dd4Eab48B3Ed0F7Afe38

**Name of the Vulnerable Software and Affected Versions** Progress® Telerik® Report Server versions prior to 2024 Q1 (10.0.24.130) **Description** A remote code execution attack is possible through an insecure deserialization vulnerability in the Progress® Telerik® Report Server. This vulnerability is related to deficiencies in the deserialization mechanism, allowing a remote attacker to execute arbitrary code. Approximately 106 hosts are affected globally, with 97% of these hosts having an exposed login page and 46% having remote access capabilities. **Recommendations** For versions prior to 2024 Q1 (10.0.24.130), update to a version that includes the fix for this vulnerability. As a temporary workaround, consider restricting access to the deserialization mechanism to minimize the risk of exploitation. Avoid using untrusted data in the ObjectReader deserialization process until the issue is resolved. At the moment, there is no information about additional mitigation measures.

**Name of the Vulnerable Software and Affected Versions** Progress Telerik Reporting versions prior to 2024 Q1 (18.0.24.130) **Description** The issue is related to an insecure deserialization vulnerability in the ObjectReader class of Progress Telerik Reporting, which can be exploited by a local threat actor to execute arbitrary code. This can be achieved through a specially crafted file, allowing the attacker to perform a code execution attack. **Recommendations** For versions prior to 2024 Q1 (18.0.24.130), update to version 2024 Q1 (18.0.24.130) or later to resolve the issue. As a temporary workaround, consider restricting the use of the ObjectReader class until a patch is available. Avoid using the deserialization mechanism with untrusted data in the affected Progress Telerik Reporting versions until the issue is resolved. At the moment, there is no additional information about other mitigation measures.

**Name of the Vulnerable Software and Affected Versions** Progress Telerik Reporting versions prior to 2024 Q1 (18.0.24.130) **Description** The issue is related to an insecure deserialization vulnerability in the ObjectReader class of Progress Telerik Reporting, which can be exploited by a remote threat actor to execute arbitrary code using specially crafted data. This vulnerability allows for code execution attacks. **Recommendations** For versions prior to 2024 Q1 (18.0.24.130), update to version 2024 Q1 (18.0.24.130) or later to resolve the issue. As a temporary workaround, consider restricting the use of the ObjectReader class to minimize the risk of exploitation. Avoid deserializing untrusted data until the issue is resolved.