Show filters
7 Total Results
Displaying 1-7 of 7
Sort by:
Attacker Value
High

CVE-2024-6327

Disclosure Date: July 24, 2024 (last updated July 27, 2024)
In Progress® Telerik® Report Server versions prior to 2024 Q2 (10.1.24.709), a remote code execution attack is possible through an insecure deserialization vulnerability.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
2
1
Attacker Value
Unknown

CVE-2024-1800

Disclosure Date: March 20, 2024 (last updated January 17, 2025)
In Progress® Telerik® Report Server versions prior to 2024 Q1 (10.0.24.130), a remote code execution attack is possible through an insecure deserialization vulnerability.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
1
0
Attacker Value
Unknown

CVE-2025-0556

Disclosure Date: February 12, 2025 (last updated February 21, 2025)
In Progress® Telerik® Report Server, versions prior to 2025 Q1 (11.0.25.211) when using the older .NET Framework implementation, communication of non-sensitive information between the service agent process and app host process occurs over an unencrypted tunnel, which can be subjected to local network traffic sniffing.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2024-7295

Disclosure Date: November 13, 2024 (last updated November 19, 2024)
In Progress® Telerik® Report Server versions prior to 2024 Q4 (10.3.24.1112), the encryption of local asset data used an older algorithm which may allow a sophisticated actor to decrypt this information.
Attack Vector: LocalPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-8015

Disclosure Date: October 09, 2024 (last updated October 16, 2024)
In Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.924), a remote code execution attack is possible through object injection via an insecure type resolution vulnerability.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-7292

Disclosure Date: October 09, 2024 (last updated October 16, 2024)
In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a credential stuffing attack is possible through improper restriction of excessive login attempts.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2024-4837

Disclosure Date: May 15, 2024 (last updated January 17, 2025)
In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via a trust boundary violation vulnerability.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0