Code Execution Vulnerability in Progress Telerik Reporting
CVE-2024-8048

7.8HIGH

Key Information:

Vendor: Progress
Status: Telerik Reporting
Vendor: CVE Published:; 9 October 2024

What is CVE-2024-8048?

A code execution vulnerability has been identified in Progress Telerik Reporting, particularly in versions released before the 2024 Q3 update (18.2.24.924). This vulnerability arises from insecure expression evaluation, which allows attackers to perform object injection attacks. Exploiting this flaw could lead to unauthorized command execution on affected systems, posing significant risks to data integrity and system security. Organizations using the impacted versions are urged to upgrade to the latest version to mitigate this security risk.

References

https://docs.telerik.com/reporting/knowledge-base/insecur...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 9, 2024