Lucene search

Progress Telerik Reporting

12 matches found

added 2024/03/20 1:15 p.m., 55 views

CVE-2024-1856

In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is possible by a remote threat actor through an insecure deserialization vulnerability.

CVSS 8.8, AI score 8.7, EPSS 0.00109

added 2024/03/20 1:15 p.m., 53 views

CVE-2024-1801

In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability.

CVSS 7.8, AI score 7.9, EPSS 0.00014

added 2024/07/24 2:15 p.m., 53 views

CVE-2024-6096

In Progress® Telerik® Reporting versions prior to 18.1.24.709, a code execution attack is possible through object injection via an insecure type resolution vulnerability.

CVSS 9.8, AI score 9, EPSS 0.01416

added 2024/10/09 3:15 p.m., 50 views

CVE-2024-8014

In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible through object injection via an insecure type resolution vulnerability.

CVSS 8.8, AI score 9.1, EPSS 0.02148

added 2024/10/09 3:15 p.m., 41 views

CVE-2024-7840

In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a command injection attack is possible through improper neutralization of hyperlink elements.

CVSS 7.8, AI score 8.1, EPSS 0.00255

added 2024/10/09 3:15 p.m., 38 views

CVE-2024-7293

In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a password brute forcing attack is possible through weak password requirements.

CVSS 8.8, AI score 7.7, EPSS 0.00058

added 2024/01/31 4:15 p.m., 37 views

CVE-2024-0832

In Telerik Reporting versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the application's installer component. In an environment where an existing Telerik Reporting install is present, a lower privileged user has the ability to manipulate the installation package t...

CVSS 7.8, AI score 7.5, EPSS 0.00674

added 2024/10/09 3:15 p.m., 36 views

CVE-2024-7294

In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), an HTTP DoS attack is possible on anonymous endpoints without rate limiting.

CVSS 7.5, AI score 6.9, EPSS 0.00103

added 2024/10/09 3:15 p.m., 33 views

CVE-2024-8048

In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible using object injection via insecure expression evaluation.

CVSS 7.8, AI score 8.2, EPSS 0.00134

added 2024/05/15 5:15 p.m., 26 views

CVE-2024-4200

In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.2.514), a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability.

CVSS 7.8, AI score 7.1, EPSS 0.00049

added 2024/05/15 5:15 p.m., 18 views

CVE-2024-4202

In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.514), a code execution attack is possible through an insecure instantiation vulnerability.

CVSS 8.6, AI score 7.2, EPSS 0.00046

added 2024/05/15 5:15 p.m., 16 views

CVE-2024-4357

An information disclosure vulnerability in Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, allows a low-privilege attacker to read system files via XML External Entity processing.

CVSS 6.5, AI score 6.1, EPSS 0.01136