Uncontrolled Resource Consumption
Description
Product Alert – September 2024 - CVE-2024-7294
- Telerik Report Server 2024 Q3 (10.2.24.709) or earlier.
Issue
CWE-400 Uncontrolled Resource Consumption
What Are the Impacts
In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), an HTTP DoS attack is possible on anonymous endpoints without rate limiting.
Solution
We have addressed the issue and the Progress® Telerik® team recommends performing an upgrade to the version listed in the table below.
Current Version | Guidance |
---|---|
2024 Q3 (10.2.24.709) or earlier | Update to 2024 Q3 (10.2.24.806) (update instructions) |
All customers who have a Telerik Report Server license can access the downloads here Product Downloads | Your Account.
Notes
- You can check what version you are running by:
- Go to your Report Server web UI and log in using an account with administrator rights.
- Open the Configuration page (
~/Configuration/Index
). - Select the About tab, the version number is displayed in the pane on the right.
- If you have any questions or concerns related to this issue, open a new Technical Support case in Your Account | Support Center. Technical Support is available to Telerik customers with an active support plan.
External References
CVE-2024-7294 (HIGH)
CVSS: 7.5
In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), an HTTP DoS attack is possible on anonymous endpoints without rate limiting.