"CISA Warns of Progress Telerik Vulnerability Exploitation"

The US Cybersecurity and Infrastructure Security Agency (CISA) warns federal agencies of the ongoing exploitation of a patched authentication bypass vulnerability in Progress Software's Telerik Report Server. The vulnerability exists because, in version 2024 Q1 (10.0.24.305) and earlier, the current installation setup was not properly validated. The flaw enables an attacker to supply specific parameters and create a new administrator user, then log in to the server with that account. Vulcan Cyber says an attacker can manipulate authentication tokens and impersonate legitimate users without valid credentials. This article continues to discuss the Progress Telerik vulnerability.

SecurityWeek reports "CISA Warns of Progress Telerik Vulnerability Exploitation"

Submitted by grigby1
