CVE-2024-4358

CVSS v3.1 9.8 (Critical)

EPSS 93.85 % (99^th)

Affected Products 1

Advisories 1

NVD Status Analyzed

In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability.

Weaknesses

CWE-290: Authentication Bypass by Spoofing

CVE Status: PUBLISHED
NVD Status: Analyzed
CNA: Progress Software Corporation
Published Date: 2024-05-29 15:16:06
(3 months ago)
Updated Date: 2024-06-14 17:59:33
(2 months ago)

Progress Telerik Report Server Authentication Bypass by Spoofing Vulnerability (CISA - Known Exploited Vulnerabilities Catalog)

Description: Progress Telerik Report Server contains an authorization bypass by spoofing vulnerability that allows an attacker to obtain unauthorized access.
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Known to be Used in Ransomware Campaigns: Unknown
Notes: https://docs.telerik.com/report-server/knowledge-base/registration-auth-bypass-cve-2024-4358

Vendor: Progress
Product: Telerik Report Server
In CISA Catalog from: 2024-06-13
(2 months ago)
Due Date: 2024-07-04
(2 months ago)

Affected Products

Telerik

Report Server 2024

Configuration #1

		CPE23	From	Up To
	Telerik Report Server 2024 10.0.24.305 and prior versions	cpe:2.3:a:telerik:report_server_2024		<= 10.0.24.305