Lucene search
07842c0e165d4d2d8733dd4eab48b3ed0f7afe38ZDI-24-403HistoryApr 25, 2024 - 12:00 a.m.
Progress Software Telerik Report Server ObjectReader Deserialization of Untrusted Data Remote Code Execution Vulnerability
2024-04-2500:00:00
07842c0e165d4d2d8733dd4eab48b3ed0f7afe38
www.zerodayinitiative.com
8
progress software
telerik report server
objectreader
deserialization
remote code execution
vulnerability
authentication
untrusted data
system
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software Telerik Report Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the ObjectReader class. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM.
Related
cvelist
cvelist
CVE-2024-1800 Progress Telerik Report Server Deserialization
2024-03-20 13:11:41
nessus
nessus
Progress Telerik Report Server Insecure Deserialization (CVE-2024-1800)
2024-06-04 00:00:00
vulnrichment
vulnrichment
CVE-2024-1800 Progress Telerik Report Server Deserialization
2024-03-20 13:11:41
nvd
nvd
CVE-2024-1800
2024-03-20 13:15:11
cve
cve
CVE-2024-1800
2024-03-20 13:15:11
nuclei
nuclei
Progress Telerik Report Server - Authentication Bypass
2024-06-03 10:40:34
zdt
zdt
Telerik Report Server Authentication Bypass / Remote Code Execution Exploit
2024-06-13 00:00:00
packetstorm
packetstorm
Telerik Report Server Authentication Bypass / Remote Code Execution
2024-06-13 00:00:00
metasploit
metasploit
Telerik Report Server Auth Bypass and Deserialization RCE
2024-06-12 12:58:37
Telerik Report Server Auth Bypass
2024-06-06 17:46:21
thn
thn
Telerik Report Server Flaw Could Let Attackers Create Rogue Admin Accounts
2024-06-04 14:43:00
attackerkb
attackerkb
CVE-2024-4358
2024-05-29 00:00:00
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up 06/14/2024
2024-06-14 19:09:16