CVE-2024-8048: 
Progress Telerik Reporting vulnerability analysis and mitigation

A code execution vulnerability (CVE-2024-8048) was identified in Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924). The vulnerability allows attackers to perform code execution attacks through object injection via insecure expression evaluation (NVD, Telerik Advisory).

The vulnerability is classified as CWE-470 (Use of Externally-Controlled Input to Select Classes or Code - 'Unsafe Reflection'). It has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The issue specifically affects the Windows desktop standalone Report Designer component, not affecting the Reporting's processing engine or REST services (Telerik Advisory).

If exploited, the vulnerability could allow attackers to execute arbitrary code through object injection, potentially compromising the security of affected systems. The vulnerability specifically impacts the desktop (standalone) Report Designer component of the software (Telerik Advisory).

Progress Software has addressed this vulnerability in version 2024 Q3 (18.2.24.924). Users are strongly recommended to upgrade to this version or later. The fix can be obtained through the Telerik Product Downloads portal for customers with valid licenses (Telerik Advisory).