Credential Stuffing Vulnerability in Progress Telerik Report Server
CVE-2024-7292

8.8HIGH

Key Information:

Vendor: Progress
Status: Telerik Report Server
Vendor: CVE Published:; 9 October 2024

What is CVE-2024-7292?

A security vulnerability in Progress® Telerik® Report Server allows for credential stuffing attacks due to inadequate restrictions on excessive login attempts. This flaw can enable attackers to gain unauthorized access by systematically trying multiple username and password combinations. The affected versions include those released before the 2024 Q3 update (10.2.24.806). It is crucial for users to be aware of this issue to implement strengthened security measures and protect sensitive information.

References

https://docs.telerik.com/report-server/knowledge-base/imp...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 9, 2024