Vulnerability Details CVE-2024-4358
In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.943
EPSS Ranking 99.9%
CVSS Severity
CVSS v3 Score 9.8
Proposed Action
Progress Telerik Report Server contains an authorization bypass by spoofing vulnerability that allows an attacker to obtain unauthorized access.
Ransomware Campaign
Unknown
References
Products affected by CVE-2024-4358
-
cpe:2.3:a:telerik:report_server_2024:-
-
cpe:2.3:a:telerik:report_server_2024:10.0.24.130
-
cpe:2.3:a:telerik:report_server_2024:10.0.24.305