Progress Telerik Report Server – Qualys ThreatPROTECT

Progress Telerik Report Server Insecure Deserialization Vulnerability (CVE-2024-6327)

Posted by Diksha Ojha on July 25, 2024July 25, 2024

Progress addressed a critical severity vulnerability impacting the Telerik Report Server. Tracked as CVE-2024-6327, the vulnerability has a CVSS score of 9.9. Successful exploitation of the vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code, leading to complete system compromise. The vulnerability originates from an insecure deserialization flaw.

Progress Telerik Report Server Authentication Bypass Vulnerability (CVE-2024-4358)

Posted by Diksha Ojha on June 4, 2024June 17, 2024

A security researcher at Trend Micro Zero Day Initiative discovered a vulnerability in the Progress Telerik Report Server. CVE-2024-4358 is a critical severity vulnerability allowing an unauthenticated, remote attacker to bypass security restrictions and gain access to Telerik Report server-restricted functionality.