Such advice from CISA follows several reports noting that between 13,000 and 42,000 ServiceNow systems may be compromised through the flaws, most of which were noted by Resecurity to be in the U.S., the UK, India, and the European Union.
All Telerik Report Server instances before version 10.1.24.709 are affected by the bug, which could be leveraged to facilitate remote code execution, according to Progress Software.
Threat actors exploiting the flaw, tracked as CVE-2023-45249, could facilitate remote code execution without any authentication or user interaction in Acronis Cyber Protect instances.