{"id":1254991,"date":"2024-07-26T18:09:57","date_gmt":"2024-07-26T20:09:57","guid":{"rendered":"https:\/\/teknomers.com\/fr\/une-faille-critique-dans-le-serveur-de-rapports-telerik-presente-un-risque-dexecution-de-code-a-distance\/"},"modified":"2024-07-26T18:10:03","modified_gmt":"2024-07-26T20:10:03","slug":"une-faille-critique-dans-le-serveur-de-rapports-telerik-presente-un-risque-dexecution-de-code-a-distance","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/une-faille-critique-dans-le-serveur-de-rapports-telerik-presente-un-risque-dexecution-de-code-a-distance\/",
"title":{"rendered":"Critical flaw in Telerik Report Server poses a remote code execution risk"},
"content":{"rendered":"<div>\n<p><span class=\"p-author\"><span class=\"author\">July 26, 2024<\/span><span class=\"author\">Editorial staff<\/span><\/span><span class=\"p-tags\">Security \/ Software vulnerability<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<p>Progress Software is urging users to update their Telerik Report Server instances following the discovery of a critical security flaw that could lead to remote code execution.<\/p>\n<p>The vulnerability, tracked as <strong>CVE-2024-6327<\/strong> (CVSS score: 9.9), affects Report Server version 2024 Q2 (10.1.24.514) and earlier.<\/p>\n<p>\u201cIn Progress Telerik Report Server versions prior to 2024 Q2 (10.1.24.709), a remote code execution attack is possible through an insecure deserialization vulnerability,\u201d the company <a rel=\"nofollow noopener\" href=\"https:\/\/docs.telerik.com\/report-server\/knowledge-base\/deserialization-vulnerability-cve-2024-6327\" target=\"_blank\">said<\/a> in an advisory.<\/p>\n<p><a rel=\"nofollow noopener\" href=\"https:\/\/cwe.mitre.org\/data\/definitions\/502.html\" target=\"_blank\">Deserialization flaws<\/a> occur when an application <a rel=\"nofollow noopener\" href=\"https:\/\/cloud.google.com\/blog\/topics\/threat-intelligence\/hunting-deserialization-exploits\" target=\"_blank\">reconstructs untrusted data<\/a> controlled by an attacker without adequate validation in place, which leads to the execution of unauthorized commands.<\/p>\n<p>Progress Software said the flaw has been fixed in version 10.1.24.709. As a temporary mitigation, it is recommended to change the Report Server application pool user to an account with limited permissions.<\/p>\n<p>Administrators can check whether their servers are vulnerable by following these steps:<\/p>\n<ul>\n<li>Go to the Report Server web UI and log in with an account that has administrator rights.<\/li>\n<li>Open the Configuration page (~\/Configuration\/Index).<\/li>\n<li>Select the About tab; the version number is displayed in the right-hand pane.<\/li>\n<\/ul>\n<p>The disclosure comes nearly two months after the company patched another critical flaw in the same software (CVE-2024-4358, CVSS score: 9.8) that could be exploited by a remote attacker to bypass authentication and create rogue administrator users.<\/p>\n<\/div>\n<p><a href=\"https:\/\/thehackernews.com\/2024\/07\/critical-flaw-in-telerik-report-server.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},
"excerpt":{"rendered":"<p>July 26, 2024 Editorial staff Security \/ Software vulnerability Progress Software is urging users to update their Telerik Report Server instances following the discovery of a critical security flaw that could lead to remote code execution. The vulnerability, tracked as CVE-2024-6327 (CVSS score: 9.9), affects Report Server version 2024 Q2 (10.1.24.514) and [&hellip;]<\/p>\n","protected":false},
"author":1,"featured_media":1254992,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[238714,200292,238582,240744,238778,5597,4168,22,4165,429,28640,2526,9048,238584,200271,238334,98340,1085,655,326,238617,4172,4169,32855,243817,196,4166,238583],"class_list":["post-1254991","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-actualites-des-hackers","tag-actualites-sur-la-cybersecurite","tag-actualites-sur-la-cybersecurite-aujourdhui","tag-actualites-sur-le-cyberespace","tag-actualites-sur-le-piratage-informatique","tag-code","tag-comment-pirater","tag-critique","tag-cyber-attaques","tag-dans","tag-dexecution","tag-distance","tag-faille","tag-les-nouvelles-des-hackers","tag-logiciel-malveillant-rancongiciel","tag-mises-a-jour-cybernetiques","tag-mises-a-jour-de-cybersecurite","tag-presente","tag-rapports","tag-risque","tag-securite-de-linformation","tag-securite-informatique","tag-securite-internet","tag-serveur","tag-telerik","tag-une","tag-violation-de-donnees","tag-vulnerabilite-du-logiciel"],
"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1254991","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=1254991"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1254991\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/1254992"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=1254991"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=1254991"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=1254991"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}