Insecure Deserialization Vulnerability Affects Telerik Reporting Prior to 2024 Q2
CVE-2024-4200

7.7HIGH

Key Information:

Vendor: Progress Software
Status: Telerik Reporting
Vendor: CVE Published:; 15 May 2024

Summary

An insecure deserialization vulnerability exists in Progress Telerik Reporting, specifically in versions released prior to 2024 Q2 (18.1.24.2.514). This vulnerability can be exploited by a local threat actor to execute arbitrary code, posing a significant risk to data integrity and system security. Proper validation mechanisms are crucial to mitigate potential threats associated with this issue.

Affected Version(s)

Telerik Reporting Windows 1.0.0.0 < 18.1.24.2.514

References

https://docs.telerik.com/reporting/knowledge-base/deseria...

CVSS V3.1

Score:

7.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
May 15, 2024
Vulnerability Reserved
Apr 25, 2024

Collectors

NVD DatabaseMitre Database