Weak Password Configuration Vulnerability in Progress Telerik Report Server
CVE-2024-7293

8.8HIGH

Key Information:

Vendor
Progress
Status
Telerik Reporting
Vendor
CVE Published:
9 October 2024

Summary

The vulnerability in Progress Telerik Report Server permits attackers to execute brute force password attacks due to inadequate password policies. Versions released prior to 2024 Q3 are susceptible, making it crucial for organizations utilizing this software to enhance their password security measures. By failing to enforce strong password complexity requirements, the product allows unauthorized access through automated guesswork, potentially compromising sensitive data and system integrity.

References

https://docs.telerik.com/report-server/knowledge-base/wea...

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

.
CVE-2024-7293 : Weak Password Configuration Vulnerability in Progress Telerik Report Server | SecurityVulnerability.io