Progress: >> Telerik Report Server >> 10.1.24.514 Security Vulnerabilities
In Progress® Telerik® Report Server, versions prior to 2025 Q1 (11.0.25.211) when using the older .NET Framework implementation, communication of non-sensitive information between the service agent process and app host process occurs over an unencrypted tunnel, which can be subjected to local network traffic sniffing.
CVSS Score
8.8
EPSS Score
0.001
Published
2025-02-12
In Progress® Telerik® Report Server versions prior to 2024 Q4 (10.3.24.1112), the encryption of local asset data used an older algorithm which may allow a sophisticated actor to decrypt this information.
CVSS Score
7.1
EPSS Score
0.001
Published
2024-11-13
In Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.924), a remote code execution attack is possible through object injection via an insecure type resolution vulnerability.
CVSS Score
9.1
EPSS Score
0.005
Published
2024-10-09
In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a credential stuffing attack is possible through improper restriction of excessive login attempts.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-10-09
In Progress® Telerik® Report Server versions prior to 2024 Q2 (10.1.24.709), a remote code execution attack is possible through an insecure deserialization vulnerability.
CVSS Score
9.9
EPSS Score
0.013
Published
2024-07-24