Shodan
Vulnerabilities
Vulnerable Software
Progress:  >> Telerik Reporting  Security Vulnerabilities
CVE-2024-6097
In Progress® Telerik® Reporting versions prior to 2025 Q1 (19.0.25.211), information disclosure is possible by a local threat actor through an absolute path vulnerability.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-02-12
CVE-2024-8048
In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible using object injection via insecure expression evaluation.
CVSS Score
7.8
EPSS Score
0.001
Published
2024-10-09
CVE-2024-7293
In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a password brute forcing attack is possible through weak password requirements.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-10-09
CVE-2024-7294
In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), an HTTP DoS attack is possible on anonymous endpoints without rate limiting.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-10-09
CVE-2024-7840
In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a command injection attack is possible through improper neutralization of hyperlink elements.
CVSS Score
7.8
EPSS Score
0.003
Published
2024-10-09
CVE-2024-8014
In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible through object injection via an insecure type resolution vulnerability.
CVSS Score
8.8
EPSS Score
0.021
Published
2024-10-09
CVE-2024-6096
In Progress® Telerik® Reporting versions prior to 18.1.24.709, a code execution attack is possible through object injection via an insecure type resolution vulnerability.
CVSS Score
8.8
EPSS Score
0.014
Published
2024-07-24
CVE-2024-4200
In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.2.514), a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability.
CVSS Score
7.7
EPSS Score
0.0
Published
2024-05-15
CVE-2024-4202
In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.514), a code execution attack is possible through an insecure instantiation vulnerability.
CVSS Score
7.7
EPSS Score
0.0
Published
2024-05-15
CVE-2024-4357
An information disclosure vulnerability exists in Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, allows low-privilege attacker to read systems file via XML External Entity Processing.
CVSS Score
6.5
EPSS Score
0.011
Published
2024-05-15


Products
Pricing
Contact Us

Shodan ® - All rights reserved