Progress Telerik Reporting <= 2024 Q3 (18.2.24.806) Multiple Vulnerabilities
The version of Progress Telerik Reporting installed on the remote Windows host is prior to or equal to 2024 Q3 18.2.24.806. It is, therefore, affected by multiple vulnerabilities: - In Progress® Telerik® Reporting, versions 2024 Q3 18.2.24.806 or earlier, hyperlinks were permitted in the desktop...
CVE-2024-7294
In Progress® Telerik® Report Server versions prior to 2024 Q3 10.2.24.806, an HTTP DoS attack is possible on anonymous endpoints without rate limiting...
CVE-2024-8014
In Progress Telerik Reporting versions prior to 2024 Q3 18.2.24.924, a code execution attack is possible through object injection via an insecure type resolution vulnerability...
CVE-2024-7292 Account Controller allows high count of login attempts
In Progress® Telerik® Report Server versions prior to 2024 Q3 10.2.24.806, a credential stuffing attack is possible through improper restriction of excessive login attempts...
CVE-2024-7294 Uncontrolled resource consumption of anonymous endpoints
In Progress® Telerik® Report Server versions prior to 2024 Q3 10.2.24.806, an HTTP DoS attack is possible on anonymous endpoints without rate limiting...
CVE-2024-7293 Password policy for new users is not strong enough
In Progress® Telerik® Report Server versions prior to 2024 Q3 10.2.24.806, a password brute forcing attack is possible through weak password requirements...
CVE-2024-7293
Affected product: Progress Telerik Report Server. Vulnerability: Password brute forcing possible due to weak password requirements in versions prior to 2024 Q3 (10.2.24.806). Root cause / details: Weak password policy enables brute-force attempts; attack vector is network-based. Impact: High conf...
CVE-2024-7840
CVE-2024-7840 – Progress Telerik Reporting: Affected product is Progress Telerik Reporting (desktop Viewers/Standalone Report Designer) prior to 2024 Q3 (18.2.24.924). Root cause: improper neutralization of hyperlink elements enabling a potential command injection. Impact is described as high fo...
CVE-2024-8048 Telerik Reporting Insecure Expression Evaluation
In Progress Telerik Reporting versions prior to 2024 Q3 18.2.24.924, a code execution attack is possible using object injection via insecure expression evaluation...
CVE-2024-8048
Progress Telerik Reporting (desktop/Standalone Report Designer) prior to 2024 Q3 (version 18.2.24.924) is affected by an insecure expression evaluation vulnerability that enables object injection and may allow code execution. The issue is documented as CVE-2024-8048; CVSS v3.1 base score 7.8 (HIG...
PT-2024-38241 · Progress · Progress Telerik Report Server
Name of the Vulnerable Software and Affected Versions: In Progress Telerik Report Server versions prior to 2024 Q3 10.2.24.806 Description: A credential stuffing attack is possible through improper restriction of excessive login attempts. This issue allows attackers to attempt multiple logins...
Progress Software Telerik Report Server Security Vulnerability
Progress Software Telerik Report Server is an enterprise-class report management and distribution solution from Progress Software, Inc. A security vulnerability exists in versions prior to Progress Software Telerik Report Server 2024 Q3 10.2.24.806 that stems from an improper limit on the number ...
Progress Software Telerik Report Server Security Vulnerability
Progress Software Telerik Report Server is an enterprise-class report management and distribution solution from Progress Software, USA. A security vulnerability exists in Progress Software Telerik Report Server versions prior to 10.2.24.806 that stems from allowing the use of weak passwords...
PT-2024-38242 · Progress · Telerik Report Server
Name of the Vulnerable Software and Affected Versions: In Progress Telerik Report Server versions prior to 2024 Q3 10.2.24.806 Description: A password brute forcing attack is possible through weak password requirements. Recommendations: For versions prior to 2024 Q3 10.2.24.806, update to version...
Progress Software Telerik Report Server Security Vulnerability
Progress Software Telerik Report Server is an enterprise-level report management and distribution solution from Progress Software, USA. A security vulnerability exists in versions prior to Progress Software Telerik Report Server 2024 Q3 18.2.24.924. An attacker can exploit the vulnerability to...
Progress Software Telerik Reporting Command Injection Vulnerability
Progress Software Telerik Reporting is a .NET/.NET Framework embedded reporting tool from Progress Software, Inc. A command injection vulnerability exists in versions prior to Progress Software Telerik Reporting 2024 Q3 2024.3.924 that stems from improper neutralization of hyperlinked elements...
Progress Software Telerik Reporting Security Vulnerability
Progress Software Telerik Reporting is a .NET/.NET Framework embedded reporting tool from Progress Software, USA. A security vulnerability exists in versions prior to Progress Software Telerik Reporting 2024 Q3 18.2.24.924. An attacker can exploit the vulnerability to execute arbitrary code...
Telerik UI for WPF < 2024.3.924 Multiple Vulnerabilities
The version of Progress Telerik UI for WPF installed on the remote Windows host is prior to 2024 Q3 2024.3.924. It is, therefore, affected by multiple vulnerabilities: - A command injection attack is possible through improper neutralization of hyperlink elements. CVE-2024-7575 - A code execution...