Code Execution Vulnerability in Progress Telerik Reporting
CVE-2024-8048

7.8 HIGH

Key Information:

Vendor: Progress
CVE Published: 9 October 2024

Summary

A code execution vulnerability has been identified in Progress Telerik Reporting, particularly in versions released before the 2024 Q3 update (18.2.24.924). This vulnerability arises from insecure expression evaluation, which allows attackers to perform object injection attacks. Exploiting this flaw could lead to unauthorized command execution on affected systems, posing significant risks to data integrity and system security. Organizations using the impacted versions are urged to upgrade to the latest version to mitigate this security risk.

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

CVE-2024-8048 : Code Execution Vulnerability in Progress Telerik Reporting | SecurityVulnerability.io