CVE-2024-8015: 
Telerik Report Server vulnerability analysis and mitigation

A critical remote code execution vulnerability (CVE-2024-8015) was discovered in Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.924). The vulnerability allows remote code execution through object injection via an insecure type resolution vulnerability (Vendor Advisory, NVD).

The vulnerability is classified as CWE-470 (Use of Externally-Controlled Input to Select Classes or Code - 'Unsafe Reflection'). It has received a Critical CVSS v3.1 score of 9.1 (Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H) from Progress Software Corporation, while NIST assigned a High severity score of 7.2 (Security Online, NVD).

If successfully exploited, this vulnerability could allow attackers to gain complete control of the Report Server through remote code execution capabilities (Security Online).

Progress Software recommends updating to Telerik Report Server version 10.2.24.924 immediately. For users unable to update immediately, a temporary mitigation involves changing the Report Server's Application Pool user to one with limited permissions (Vendor Advisory).