Progress Telerik Reporting < 2025 Q1 (19.0.25.211) Information Disclosure
The version of Progress Telerik Reporting installed on the remote Windows host is prior or equal to 2025 Q1 19.0.25.211. It is, therefore, affected by an information disclosure vulnerability. Information disclosure is possible by a local threat actor through an absolute path vulnerability. Note...
Progress Telerik Reporting Security Vulnerability
Progress Telerik Reporting is a .NET report embedding tool from Progress, Inc. that enables the creation, design, export, and integration of reports in cloud-based, web and applications. A security vulnerability exists in Progress Telerik Reporting prior to version 2025 Q1, which stems from a loc...
Progress Telerik Reporting <= 2024 Q3 (18.2.24.806) Multiple Vulnerabilities
The version of Progress Telerik Reporting installed on the remote Windows host is prior or equal to 2024 Q3 18.2.24.806. It is, therefore, affected by multiple vulnerabilities: - In Progress® Telerik® Reporting, versions 2024 Q3 18.2.24.806 or earlier, hyperlinks were permitted in the desktop...
CVE-2024-8014
In Progress Telerik Reporting versions prior to 2024 Q3 18.2.24.924, a code execution attack is possible through object injection via an insecure type resolution vulnerability...
CVE-2024-7840
CVE-2024-7840 – Progress Telerik Reporting: Affected product is Progress Telerik Reporting (desktop Viewers/Standalone Report Designer) prior to 2024 Q3 (18.2.24.924). Root cause: improper neutralization of hyperlink elements enabling a potential command injection. Impact is described as high fo...
CVE-2024-8048
Progress Telerik Reporting (desktop/Standalone Report Designer) prior to 2024 Q3 (version 18.2.24.924) is affected by an insecure expression evaluation vulnerability that enables object injection and may allow code execution. The issue is documented as CVE-2024-8048; CVSS v3.1 base score 7.8 (HIG...
Progress Software Telerik Reporting Command Injection Vulnerability
Progress Software Telerik Reporting is a .NET/.NET Framework embedded reporting tool from Progress Software, Inc. A command injection vulnerability exists in versions prior to Progress Software Telerik Reporting 2024 Q3 2024.3.924 that stems from improper neutralization of hyperlinked elements...
Progress Telerik Reporting < 2024 Q2 (18.1.24.709) Object Injection
The version of Progress Telerik Reporting installed on the remote Windows host is prior to 2024 Q2 18.1.24.709. It is, therefore, affected by an object injection vulnerability: - In Progress® Telerik® Reporting versions prior to 18.1.24.709, an object injection attack is possible through an...
CVE-2024-6096
In Progress® Telerik® Reporting versions prior to 18.1.24.709, a code execution attack is possible through object injection via an insecure type resolution vulnerability...
CVE-2024-6096 Unsafe Deserialization Vulnerability
In Progress® Telerik® Reporting versions prior to 18.1.24.709, a code execution attack is possible through object injection via an insecure type resolution vulnerability...
CVE-2024-6096
Progress Telerik Reporting, before version 18.1.24.709, is affected by an object-injection vulnerability due to insecure type resolution that can lead to code execution. The vulnerability affects Progress Telerik Reporting (a .NET/.NET Framework embedded reporting tool) and various advisories ide...
CVE-2024-4200
In Progress® Telerik® Reporting versions prior to 2024 Q2 18.1.24.2.514, a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability...
CVE-2024-4200 Progress Telerik Reporting Local Deserialization Vulnerability
In Progress® Telerik® Reporting versions prior to 2024 Q2 18.1.24.2.514, a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability...
CVE-2024-4200
Progress Telerik Reporting (prior to 2024 Q2; 18.1.24.2.514) is affected by an insecure deserialization vulnerability that can lead to code execution by a local attacker. The issue affects the remote Windows host running the product, with the root cause being insecure deserialization in the appli...
CVE-2024-4202
CVE-2024-4202 affects Progress Telerik Reporting versions prior to 2024 Q2 (18.1.24.514). The vulnerability is described as an insecure instantiation vulnerability that enables code execution. The CVE details in the provided documents indicate high impact (confidentiality, integrity, and availabi...
CVE-2024-4202 Progress Telerik Reporting Local Instantiation Vulnerability
In Progress® Telerik® Reporting versions prior to 2024 Q2 18.1.24.514, a code execution attack is possible through an insecure instantiation vulnerability...
PT-2024-29683 · Progress · Telerik Reporting
Name of the Vulnerable Software and Affected Versions: Progress Telerik Reporting versions prior to 2024 Q2 18.1.24.2.514. Description: A code execution attack is possible by a local threat actor through an insecure deserialization vulnerability, allowing for potential exploitation...
A vulnerability in the ObjectReader class of the Progress Telerik Reporting network reporting tool allows an attacker to execute arbitrary code.
A vulnerability in the ObjectReader class, which Progress Telerik Reporting uses for creating network reports, is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially crafted file...