Encryption Vulnerability in Progress Telerik Report Server
CVE-2024-7295

6.2MEDIUM

Key Information:

Vendor: Progress
Status: Telerik Report Server
Vendor: CVE Published:; 13 November 2024

What is CVE-2024-7295?

Progress Telerik Report Server prior to its Q4 2024 release (version 10.3.24.1112) is affected by an encryption weakness that may expose local asset data to unauthorized decryption. The product utilizes an outdated encryption algorithm, potentially allowing advanced threat actors to gain access to sensitive information. It is crucial for users and administrators to upgrade to the latest version to ensure data security and mitigate risks.

References

https://docs.telerik.com/report-server/knowledge-base/enc...

CVSS V3.1

Score:

6.2

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 13, 2024