7 matches found
CVE-2024-1800
CVE-2024-1800 is an insecure deserialization vulnerability in Progress Telerik Report Server versions prior to 2024 Q1 (10.0.24.130) that enables remote code execution. The issue arises from deserialization flaws in the server, allowing an attacker to trigger code execution remotely. Sever...
CVE-2024-6327
CVE-2024-6327 affects Progress Telerik Report Server prior to 2024 Q2 (10.1.24.709). The issue is an insecure deserialization vulnerability that enables remote code execution over the network (no user interaction). AFFECTED: Progress Telerik Report Server versions before 10.1.24.709. IMPACT: remo...
CVE-2025-0556
In Progress Telerik Report Server, before 2025 Q1 (11.0.25.211) using the older .NET Framework implementation, the communication of non-sensitive information between the service agent process and the app host process happens over an unencrypted tunnel, exposing it to potential local network traff...
CVE-2024-8015
CVE-2024-8015 affects Progress Telerik Report Server before 2024 Q3 (10.2.24.924). The root cause is an insecure type resolution that allows object injection, enabling remote code execution. Public references describe a remote code execution vulnerability in versions prior to 10.2.24.924. Remedia...
CVE-2024-7295
CVE-2024-7295 affects Progress Telerik Report Server and is tied to an encryption weakness in the local asset data protection. Versions prior to 2024 Q4 (10.3.24.1112) reportedly use an older encryption algorithm, which may allow a sophisticated actor to decrypt local asset data. The vulnerabilit...
CVE-2024-7292
Progress Telerik Report Server up to version 10.2.24.709 (pre-2024 Q3) is affected by CVE-2024-7292 due to improper restriction of excessive login attempts, enabling credential stuffing and potential unauthorized access. The issue is reported for versions prior to 2024 Q3 (10.2.24.806). The docum...
CVE-2024-4837
CVE-2024-4837 affects Progress Telerik Report Server on IIS: the 2024 Q1 release (10.0.24.305) and earlier are vulnerable to a trust boundary violation that lets an unauthenticated attacker access restricted functionality. Connected sources identify the affected product, version range,...