PT-2024-5212 · Telerik · Telerik Reporting
Markus Wulftange · Published 2024-07-24 · Updated 2025-04-25 · CVE-2024-6096
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Progress Telerik Reporting versions prior to 18.1.24.709
Description:
The issue is related to an insecure type resolution vulnerability, allowing for object injection and potentially enabling a code execution attack. This can be exploited by manipulating input data to select classes, which may permit a remote attacker to execute arbitrary code. The vulnerability can lead to unauthorized access, data theft, and system compromise.
Recommendations:
For versions prior to 18.1.24.709, upgrade the affected component to version 18.1.24.709 or later to resolve the issue. As a temporary workaround, consider restricting access to the reporting component to minimize the risk of exploitation.
Affected Products
Telerik Reporting