Vulnerability Details CVE-2024-4357
An information disclosure vulnerability in Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, allows a low-privilege attacker to read system files via XML External Entity (XXE) processing.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.011
EPSS Ranking 77.4%
CVSS Severity
CVSS v3 Score 6.5
Products affected by CVE-2024-4357
- cpe:2.3:a:progress:telerik_reporting:-
- cpe:2.3:a:progress:telerik_reporting:10.0.16.113
- cpe:2.3:a:progress:telerik_reporting:10.0.16.204
- cpe:2.3:a:progress:telerik_reporting:10.1.16.504
- cpe:2.3:a:progress:telerik_reporting:10.1.16.615
- cpe:2.3:a:progress:telerik_reporting:8.2.14.1027
- cpe:2.3:a:progress:telerik_reporting:8.2.14.1204
- cpe:2.3:a:progress:telerik_reporting:9.0.15.225
- cpe:2.3:a:progress:telerik_reporting:9.0.15.324
- cpe:2.3:a:progress:telerik_reporting:9.1.15.624
- cpe:2.3:a:progress:telerik_reporting:9.1.15.731
- cpe:2.3:a:progress:telerik_reporting:9.2.15.1105
- cpe:2.3:a:progress:telerik_reporting:9.2.15.1126
- cpe:2.3:a:progress:telerik_reporting:9.2.15.930