Lucene search

ProgressSoftwareCVELIST:CVE-2024-4202

HistoryMay 15, 2024 - 4:53 p.m.

CVE-2024-4202 Progress Telerik Reporting Local Instantiation Vulnerability

2024-05-1516:53:30

CWE-94

ProgressSoftware

www.cve.org

cve-2024-4202

progress telerik reporting

local instantiation

code execution

insecure instantiation vulnerability

7.7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

9.1%

JSON

In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.514), a code execution attack is possible through an insecure instantiation vulnerability.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows",
      "Linux"
    ],
    "product": "Telerik Reporting",
    "vendor": "Progress Software Corporation",
    "versions": [
      {
        "lessThan": "18.1.24.2.514",
        "status": "affected",
        "version": "1.0.0.0",
        "versionType": "semver"
      }
    ]
  }
]

References

docs.telerik.com/reporting/knowledge-base/instantiation-vulnerability-cve-2024-4202

7.7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVELIST:CVE-2024-4202