CVE-2024-1800

Name of the Vulnerable Software and Affected Versions Progress® Telerik® Report Server versions prior to 2024 Q1 (10.0.24.130)

Description A remote code execution attack is possible through an insecure deserialization vulnerability in the Progress® Telerik® Report Server. This vulnerability is related to deficiencies in the deserialization mechanism, allowing a remote attacker to execute arbitrary code. Approximately 106 hosts are affected globally, with 97% of these hosts having an exposed login page and 46% having remote access capabilities.

Recommendations For versions prior to 2024 Q1 (10.0.24.130), update to a version that includes the fix for this vulnerability. As a temporary workaround, consider restricting access to the deserialization mechanism to minimize the risk of exploitation. Avoid using untrusted data in the ObjectReader deserialization process until the issue is resolved. At the moment, there is no information about additional mitigation measures.