New to Telerik Report Server? Download free 30-day trial

Uncontrolled Resource Consumption

Description

Product Alert – September 2024 - CVE-2024-7294

  • Telerik Report Server 2024 Q3 (10.2.24.709) or earlier.

Issue

CWE-400 Uncontrolled Resource Consumption

What Are the Impacts

In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), an HTTP DoS attack is possible on anonymous endpoints without rate limiting.

Solution

We have addressed the issue and the Progress® Telerik® team recommends performing an upgrade to the version listed in the table below.

Current Version Guidance
2024 Q3 (10.2.24.709) or earlier Update to 2024 Q3 (10.2.24.806) (update instructions)

All customers who have a Telerik Report Server license can access the downloads here Product Downloads | Your Account.

Notes

  • You can check what version you are running by:
    1. Go to your Report Server web UI and log in using an account with administrator rights.
    2. Open the Configuration page (~/Configuration/Index).
    3. Select the About tab, the version number is displayed in the pane on the right.
  • If you have any questions or concerns related to this issue, open a new Technical Support case in Your Account | Support Center. Technical Support is available to Telerik customers with an active support plan.

External References

CVE-2024-7294 (HIGH)

CVSS: 7.5

In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), an HTTP DoS attack is possible on anonymous endpoints without rate limiting.

In this article