Lucene search
ProgressSoftwareCVE-2024-6327HistoryJul 24, 2024 - 2:15 p.m.
CVE-2024-6327
2024-07-2414:15:06
CWE-502
ProgressSoftware
web.nvd.nist.gov
51
20
remote code execution
telerik report server
insecure deserialization
CVSS3
9.9
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
AI Score
9.8
Confidence
High
EPSS
0.001
Percentile
31.3%
In Progress® Telerik® Report Server versions prior to 2024 Q2 (10.1.24.709), a remote code execution attack is possible through an insecure deserialization vulnerability.
Affected configurations
Node
progresstelerik_report_serverRange<10.1.24.709
| Vendor | Product | Version | CPE |
|---|---|---|---|
| progress | telerik_report_server | * | cpe:2.3:a:progress:telerik_report_server:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "affected",
"product": "Telerik Report Server",
"vendor": "Progress Software Corporation",
"versions": [
{
"lessThan": "2024 Q2 (10.1.24.709)",
"status": "affected",
"version": "1.00",
"versionType": "semver"
}
]
}
]References
Social References
More
Related
cvelist
cvelist
CVE-2024-6327 Progress Telerik Report Server Deserialization
2024-07-24 13:57:07
nvd
nvd
CVE-2024-6327
2024-07-24 14:15:06
vulnrichment
vulnrichment
CVE-2024-6327 Progress Telerik Report Server Deserialization
2024-07-24 13:57:07
nessus
nessus
Progress Telerik Report Server Insecure Deserialization (CVE-2024-6327)
2024-07-26 00:00:00
thn
thn
Critical Flaw in Telerik Report Server Poses Remote Code Execution Risk
2024-07-26 04:10:00
CVSS3
9.9
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
AI Score
9.8
Confidence
High
EPSS
0.001
Percentile
31.3%
Related for CVE-2024-6327