Lucene search

[email protected]NVD:CVE-2024-6096

HistoryJul 24, 2024 - 2:15 p.m.

CVE-2024-6096

2024-07-2414:15:06

CWE-470

[email protected]

web.nvd.nist.gov

cve-2024-6096

code execution

object injection

progress telerik reporting

insecure type resolution

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

39.4%

JSON

In Progress® Telerik® Reporting versions prior to 18.1.24.709, a code execution attack is possible through object injection via an insecure type resolution vulnerability.

Affected configurations

Nvd

Node

progresstelerik_reportingRange<18.1.24.709

VendorProductVersionCPE
progresstelerik_reporting*cpe:2.3:a:progress:telerik_reporting:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
progress	telerik_reporting	*	cpe:2.3:a:progress:telerik_reporting::::::::

References

docs.telerik.com/reporting/knowledge-base/unsafe-reflection-CVE-2024-6096

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

39.4%

JSON

Related for NVD:CVE-2024-6096

cvelist1 vulnrichment1 nessus1 cve1