Lucene search

ProgressSoftwareCVELIST:CVE-2024-6096

HistoryJul 24, 2024 - 2:00 p.m.

CVE-2024-6096 Unsafe Deserialization Vulnerability

2024-07-2414:00:19

CWE-470

ProgressSoftware

www.cve.org

cve-2024-6096

unsafe deserialization

telerik reporting

code execution

object injection

insecure type resolution

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

39.4%

JSON

In Progress® Telerik® Reporting versions prior to 18.1.24.709, a code execution attack is possible through object injection via an insecure type resolution vulnerability.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows",
      "Linux"
    ],
    "product": "Telerik Reporting",
    "vendor": "Progress Software Corporation",
    "versions": [
      {
        "lessThan": "18.1.24.709",
        "status": "affected",
        "version": "1.0.0",
        "versionType": "semver"
      }
    ]
  }
]

References

docs.telerik.com/reporting/knowledge-base/unsafe-reflection-CVE-2024-6096

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

39.4%

JSON

Related for CVELIST:CVE-2024-6096