PT-2024-7990 · Telerik · Telerik Report Server

Markus Wulftange · Published 2024-09-10 · Updated 2024-10-15 · CVE-2024-8015

CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Telerik Report Server versions prior to 2024 Q3 (10.2.24.924)

Description

The issue is an insecure type resolution vulnerability that allows remote code execution through object injection. It can be exploited by providing input that controls which classes are selected, potentially leading to arbitrary code execution.

Recommendations

For versions prior to 2024 Q3 (10.2.24.924), update to version 2024 Q3 (10.2.24.924) or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable component until a patch is applied.

Fix

Weakness Enumeration

Related Identifiers

BDU:2024-09504
CVE-2024-8015

Affected Products

Telerik Report Server