Insecure Type Resolution Vulnerability Affects Telerik Reporting
CVE-2024-6096

9.8CRITICAL

Key Information:

Vendor: Progress Software
Status: Telerik Reporting
Vendor: CVE Published:; 24 July 2024

🔔 Create Progress Software Vulnerability Alert

What is CVE-2024-6096?

A code execution vulnerability exists in Progress Telerik Reporting versions prior to 18.1.24.709 due to an insecure type resolution mechanism. This flaw allows attackers to exploit object injection vulnerabilities, potentially leading to unauthorized code execution within the affected system. Organizations utilizing earlier versions of Telerik Reporting are at risk and should prioritize updating to mitigate this threat.

Affected Version(s)

Telerik Reporting Windows 1.0.0 < 18.1.24.709

References

https://docs.telerik.com/reporting/knowledge-base/unsafe-...

vendor-advisory

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 24, 2024
Vulnerability Reserved
Jun 17, 2024

Credit

Markus Wulftange with CODE WHITE GmbH