Telerik Report Server had a high severity vulnerability that allowed threat actors to compromise endpoints. It has now been patched and Progress Software, the company behind the product, urged its users to apply the fix immediately.
Report Server is a popular platform for handling various reporting needs within an organization. It provides tools for creating, storing, scheduling, and delivering reports in various formats.
According to Progress, the software had a deserialization of untrusted data vulnerability, allowing threat actors to conduct remote code execution (RCE) attacks. It is tracked as CVE-2024-6327 and has a base score of 9.9 (critical).
Not yet abused
Report Server 2024 Q2 (10.1.24.514) and earlier are affected by the flaw. The first patched version is 2024 Q2 (10.1.24.709).
“Updating to Report Server 2024 Q2 (10.1. 24.709) or later is the only way to remove this vulnerability,” Progress said in a follow-up advisory. “The Progress Telerik team strongly recommends upgrading to the latest version.” To check if you are vulnerable to the deserialization of untrusted data bug, open the Configuration page, select the About tab, and look for the version number. Those who are unable to apply the patch at this time should change the Report Server Application Pool user to a user with limited permissions.
There are currently no reports of this vulnerability being exploited in the wild.
Progress Software gained notoriety after the massive data breach involving MOVEit, a managed file transfer (MFT) product. The cyberattack, which took place last year, affected thousands of organizations worldwide, resulted in numerous ransomware attacks, and even prompted the FBI to get involved.
MOVEit is a managed file transfer solution, which is generally used by SMBs and enterprises to securely share sensitive files. In late May last year, the company that built the solution was tipped off about suspicious activity. A deeper investigation revealed a major flaw in the software, allowing attackers to exploit it to steal data from various endpoints. The attackers – a Russian ransomware actor called Cl0p, initially said that at least 100 companies had been affected and their data stolen. Cybersecurity experts Emsisoft claim that more than 2,500 companies confirmed they had been affected by the breach, affecting more than 64 million people.
Through BleepingComputer