Credential Stuffing Vulnerability in Progress Telerik Report Server
CVE-2024-7292

8.8HIGH

Key Information:

Vendor
Progress
Status
Telerik Report Server
Vendor
CVE Published:
9 October 2024

Summary

A security vulnerability in ProgressĀ® TelerikĀ® Report Server allows for credential stuffing attacks due to inadequate restrictions on excessive login attempts. This flaw can enable attackers to gain unauthorized access by systematically trying multiple username and password combinations. The affected versions include those released before the 2024 Q3 update (10.2.24.806). It is crucial for users to be aware of this issue to implement strengthened security measures and protect sensitive information.

References

https://docs.telerik.com/report-server/knowledge-base/imp...

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

.
CVE-2024-7292 : Credential Stuffing Vulnerability in Progress Telerik Report Server | SecurityVulnerability.io