Lucene search

K
vulnrichmentProgressSoftwareVULNRICHMENT:CVE-2024-7295
HistoryNov 13, 2024 - 3:22 p.m.

CVE-2024-7295 Hard-coded credentials used for temporary and cache data encryption

2024-11-1315:22:28
CWE-798
ProgressSoftware
github.com
1
cve-2024-7295; hard-coded credentials; data encryption; temporary data; cache data; local asset data; older algorithm; sophisticated actor; decrypt information; telerik report server; in progress.

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

AI Score

6.6

Confidence

Low

EPSS

0.001

Percentile

22.0%

SSVC

Exploitation

none

Automatable

no

Technical Impact

partial

In Progress® Telerik® Report Server versions prior to 2024 Q4 (10.3.24.1112), the encryption of local asset data used an older algorithm which may allow a sophisticated actor to decrypt this information.

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

AI Score

6.6

Confidence

Low

EPSS

0.001

Percentile

22.0%

SSVC

Exploitation

none

Automatable

no

Technical Impact

partial

Related for VULNRICHMENT:CVE-2024-7295