Weak Password Configuration Vulnerability in Progress Telerik Report Server
CVE-2024-7293

8.8HIGH

Key Information:

Vendor: Progress
Status: Telerik Reporting
Vendor: CVE Published:; 9 October 2024

What is CVE-2024-7293?

The vulnerability in Progress Telerik Report Server permits attackers to execute brute force password attacks due to inadequate password policies. Versions released prior to 2024 Q3 are susceptible, making it crucial for organizations utilizing this software to enhance their password security measures. By failing to enforce strong password complexity requirements, the product allows unauthorized access through automated guesswork, potentially compromising sensitive data and system integrity.

References

https://docs.telerik.com/report-server/knowledge-base/wea...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 9, 2024