Absolute Path Traversal Vulnerability
CVE-2024-6097

5.3MEDIUM

Key Information:

Vendor: Progress Software
Status: Progress® Telerik® Reporting
Vendor: CVE Published:; 12 February 2025

Summary

In Progress® Telerik® Reporting versions prior to 2025 Q1 (19.0.25.211), information disclosure is possible by a local threat actor through an absolute path vulnerability.

Affected Version(s)

Progress® Telerik® Reporting 1.0.0 < 2025 Q1 (19.0.25.211)

References

https://docs.telerik.com/reporting/knowledge-base/kb-secu...

vendor-advisory

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 12, 2025
Vulnerability Reserved
Jun 17, 2024

Credit

Markus Wulftange with CODE WHITE GmbH