Lucene search

[email protected]NVD:CVE-2024-4837

HistoryMay 15, 2024 - 5:15 p.m.

CVE-2024-4837

2024-05-1517:15:16

CWE-200

[email protected]

web.nvd.nist.gov

progress telerik report server

version 2024

unauthenticated attacker

access

trust boundary violation

iis

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.0004 Low

EPSS

Percentile

9.1%

JSON

In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via a trust boundary violation vulnerability.

References

docs.telerik.com/report-server/knowledge-base/information-exposure-cve-2024-4837

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for NVD:CVE-2024-4837

vulnrichment1 cve1 cvelist1