July 25, 2024 By Sergiu Gatlan
Progress Software has warned customers to patch a critical remote code execution security flaw in the Telerik Report Server that can be used to compromise vulnerable devices.
As a server-based reporting platform, Telerik Report Server provides centralized storage for reports and the tools needed to create, deploy, deliver, and manage them across an organization.
Tracked as CVE-2024-6327, the vulnerability is due to a deserialization of untrusted data weakness that attackers can exploit to gain remote code execution on unpatched servers.
The vulnerability impacts Report Server 2024 Q2 (10.1.24.514) and earlier and was patched in version 2024 Q2 (10.1.24.709).
"Updating to Report Server 2024 Q2 (10.1.24.709) or later is the only way to remove this vulnerability," the business software maker warned in a Wednesday advisory. "The Progress Telerik team strongly recommends performing an upgrade to the latest version."
Admins can check if their servers are vulnerable to attacks by going through these steps:
- Go to your Report Server web UI and log in using an account with administrator rights.
- Open the Configuration page (~/Configuration/Index).
- Select the About tab and the version number will be displayed in the pane on the right.
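Checking one server through the About tab is fine, but a fleet usually needs the same comparison done over an inventory. The script below is an added example, not code from the article or from Progress: it extracts the dotted build number from either a bare version or the About-tab style "2024 Q2 (10.1.24.709)", compares it against the fixed version named in the advisory, and flags anything older. The inventory lines and host names are constructed for the demonstration.

```python
import re
from typing import Dict, Optional, Tuple

# Fixed build from the Progress advisory quoted in the article: 2024 Q2 (10.1.24.709).
# Any lower build is treated as affected by CVE-2024-6327.
FIXED_VERSION: Tuple[int, ...] = (10, 1, 24, 709)

# Matches a dotted numeric version; "2024 Q2" alone will not match, "10.1.24.709" will.
_VERSION_RE = re.compile(r"(\d+(?:\.\d+)+)")


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Return the build number as an int tuple, e.g. '2024 Q2 (10.1.24.514)' -> (10, 1, 24, 514).
    Returns None when no dotted version is present in the string."""
    match = _VERSION_RE.search(text)
    if not match:
        return None
    return tuple(int(part) for part in match.group(1).split("."))


def is_vulnerable(text: str) -> Optional[bool]:
    """True if the version is below the fixed build, False if fixed or later,
    None if the string carries no recognisable version (needs manual review)."""
    version = parse_version(text)
    if version is None:
        return None
    # Pad the shorter tuple with zeros so '10.1.24' compares as '10.1.24.0'.
    width = max(len(version), len(FIXED_VERSION))
    padded = version + (0,) * (width - len(version))
    fixed = FIXED_VERSION + (0,) * (width - len(FIXED_VERSION))
    return padded < fixed


# Constructed inventory: one "host,version" line per Report Server instance (hypothetical hosts).
SAMPLE_INVENTORY = """\
rs-prod-01,10.1.24.514
rs-prod-02,2024 Q2 (10.1.24.709)
rs-dev-01,10.0.24.305
rs-test-01,unknown
"""


def triage(inventory: str) -> Dict[str, Optional[bool]]:
    """Map each host to its vulnerability verdict so unpatched servers can be listed."""
    verdicts: Dict[str, Optional[bool]] = {}
    for line in inventory.splitlines():
        host, _, version = line.partition(",")
        verdicts[host.strip()] = is_vulnerable(version)
    return verdicts


if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {'VULNERABLE' if verdict else 'patched' if verdict is False else 'REVIEW'}")
```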