CVE-2024-1800

high-risk
Published 2024-03-20

In Progress® Telerik® Report Server versions prior to 2024 Q1 (10.0.24.130), a remote code execution attack is possible through an insecure deserialization vulnerability.

Do I need to act?

!
72.3% chance of exploitation in next 30 days
EPSS score — higher than 28% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.9/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Telerik Report Server

Affected Vendors

Progress

References (4)

Vendor Advisory https://docs.telerik.com/report-server/knowledge-base/deserialization-vulnerabil...
Product https://www.telerik.com/report-server
Vendor Advisory https://docs.telerik.com/report-server/knowledge-base/deserialization-vulnerabil...
Product https://www.telerik.com/report-server
57
/ 100
high-risk
Severity 33/34 · Critical
Exploitability 19/34 · Moderate
Exposure 5/34 · Minimal