Insecure Instantiation Vulnerability in Telerik Reporting Prior to 2024 Q2
CVE-2024-4202

7.7HIGH

Key Information:

Vendor: Progress Software
Status: Telerik Reporting
Vendor: CVE Published:; 15 May 2024

Summary

An insecure instantiation vulnerability has been identified in Progress Telerik Reporting, allowing potential attackers to execute arbitrary code. This vulnerability affects all versions prior to 2024 Q2 (18.1.24.514). Organizations using affected versions of Telerik Reporting should prioritize the implementation of the latest updates and security patches to mitigate the risk of exploitation.

Affected Version(s)

Telerik Reporting Windows 1.0.0.0 < 18.1.24.2.514

References

https://docs.telerik.com/reporting/knowledge-base/instant...

vendor-advisory

CVSS V3.1

Score:

7.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
May 15, 2024
Vulnerability Reserved
Apr 25, 2024

Collectors

NVD DatabaseMitre Database