CVE-2024-6327

moderate-risk
Published 2024-07-24

In Progress® Telerik® Report Server versions prior to 2024 Q2 (10.1.24.709), a remote code execution attack is possible through an insecure deserialization vulnerability.

Do I need to act?

~
3.4% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.9/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Telerik Report Server

Affected Vendors

Progress

References (4)

Vendor Advisory https://docs.telerik.com/report-server/knowledge-base/deserialization-vulnerabil...
Product https://www.telerik.com/report-server
Vendor Advisory https://docs.telerik.com/report-server/knowledge-base/deserialization-vulnerabil...
Product https://www.telerik.com/report-server
45
/ 100
moderate-risk
Severity 33/34 · Critical
Exploitability 7/34 · Low
Exposure 5/34 · Minimal