CVE-2024-1801

Name of the Vulnerable Software and Affected Versions Progress Telerik Reporting versions prior to 2024 Q1 (18.0.24.130)

Description The issue is related to an insecure deserialization vulnerability in the ObjectReader class of Progress Telerik Reporting, which can be exploited by a local threat actor to execute arbitrary code. This can be achieved through a specially crafted file, allowing the attacker to perform a code execution attack.

Recommendations For versions prior to 2024 Q1 (18.0.24.130), update to version 2024 Q1 (18.0.24.130) or later to resolve the issue. As a temporary workaround, consider restricting the use of the ObjectReader class until a patch is available. Avoid using the deserialization mechanism with untrusted data in the affected Progress Telerik Reporting versions until the issue is resolved. At the moment, there is no additional information about other mitigation measures.