PT-2024-3990 · Progress · Progress Telerik Report Server

Sina Kheirkhah · Published 2024-03-20 · Updated 2026-03-04 · CVE-2024-4358

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Progress Telerik Report Server versions 2024 Q1 (10.0.24.305) or earlier

Description: The issue is an authentication bypass vulnerability in Progress Telerik Report Server that allows an unauthenticated attacker to gain access to restricted functionality. It can be exploited by spoofing, potentially granting unauthorized access to sensitive data. Exploitation attempts have been reported, and some sources indicate that high-level cybercriminals are targeting Progress Software products. A significant number of devices are estimated to be affected, although the exact number is not specified.

Recommendations: For versions 2024 Q1 (10.0.24.305) or earlier, update to version 10.1.24.514 or higher immediately to resolve the issue. As a temporary workaround, consider restricting access to the Report Server until the update can be applied. Additionally, review user lists for unknown accounts, as exploitation of this vulnerability could allow attackers to create rogue admin users.

Tags: Exploit · Fix · RCE

Weakness Enumeration

Deserialization of Untrusted Data
Authentication Bypass by Spoofing

Related Identifiers

BDU:2024-02265
BDU:2024-04405
CVE-2024-4358
ZDI-24-561

Affected Products

Progress Telerik Report Server