Developers advise rapid patching of Telerik Report Server
An important security update closes a critical gap in the IT management and reporting solution Telerik Report Server.
Attackers can use a loophole in Progress Telerik Report Server to push malicious code onto company systems and execute it. A security patch is available.
In a warning message, the developers write that the vulnerability (CVE-2024-6327) is classified as "critical". Due to insufficient checks, remote attackers can execute their own code.
Version 2024 Q2 (10.1.24.709) is protected against this. According to the developers, all previous versions are vulnerable. If admins are currently unable to install the update, they can restrict the user rights of the Report Server Application Pool as a temporary mitigation.
(des)