Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for report_server_2024 by telerik

    CVE-2024-4358 (GCVE-0-2024-4358)

    Vulnerability from nvd – Published: 2024-05-29 14:51 – Updated: 2025-10-21 23:05
    Title
    Registration Authentication Bypass Vulnerability
    Summary
    In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability.
    SSVC
    Exploitation: active Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-290 - Authentication Bypass by Spoofing
    Assigner
    Impacted products
    Vendor Product Version
    Progress Software Corporation Telerik Report Server Affected: 1.0.0 , < 10.1.24.514 (semver)
    Create a notification for this product.
    progress_software telerik_report_server Affected: 1.0.0.0 , < 10.1.24.514 (custom)
        cpe:2.3:a:progress_software:telerik_report_server:1.0.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-05-29 14:00
    Credits
    Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) working with Trend Micro Zero Day Initiative
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:progress_software:telerik_report_server:1.0.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "telerik_report_server",
                "vendor": "progress_software",
                "versions": [
                  {
                    "lessThan": "10.1.24.514",
                    "status": "affected",
                    "version": "1.0.0.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-4358",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-14T13:56:10.408308Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2024-06-13",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-4358"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:05:17.218Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-4358"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2024-06-13T00:00:00.000Z",
                "value": "CVE-2024-4358 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:40:46.999Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://docs.telerik.com/report-server/knowledge-base/registration-auth-bypass-cve-2024-4358"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Telerik Report Server",
              "vendor": "Progress Software Corporation",
              "versions": [
                {
                  "lessThan": "10.1.24.514",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) working with Trend Micro Zero Day Initiative"
            }
          ],
          "datePublic": "2024-05-29T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability."
                }
              ],
              "value": "In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-290",
                  "description": "CWE-290 Authentication Bypass by Spoofing",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-29T14:51:21.612Z",
            "orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
            "shortName": "ProgressSoftware"
          },
          "references": [
            {
              "url": "https://docs.telerik.com/report-server/knowledge-base/registration-auth-bypass-cve-2024-4358"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Registration Authentication Bypass Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
        "assignerShortName": "ProgressSoftware",
        "cveId": "CVE-2024-4358",
        "datePublished": "2024-05-29T14:51:21.612Z",
        "dateReserved": "2024-04-30T17:34:38.695Z",
        "dateUpdated": "2025-10-21T23:05:17.218Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-4358 (GCVE-0-2024-4358)

    Vulnerability from cvelistv5 – Published: 2024-05-29 14:51 – Updated: 2025-10-21 23:05
    Title
    Registration Authentication Bypass Vulnerability
    Summary
    In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability.
    SSVC
    Exploitation: active Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-290 - Authentication Bypass by Spoofing
    Assigner
    Impacted products
    Vendor Product Version
    Progress Software Corporation Telerik Report Server Affected: 1.0.0 , < 10.1.24.514 (semver)
    Create a notification for this product.
    progress_software telerik_report_server Affected: 1.0.0.0 , < 10.1.24.514 (custom)
        cpe:2.3:a:progress_software:telerik_report_server:1.0.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-05-29 14:00
    Credits
    Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) working with Trend Micro Zero Day Initiative
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:progress_software:telerik_report_server:1.0.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "telerik_report_server",
                "vendor": "progress_software",
                "versions": [
                  {
                    "lessThan": "10.1.24.514",
                    "status": "affected",
                    "version": "1.0.0.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-4358",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-14T13:56:10.408308Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2024-06-13",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-4358"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:05:17.218Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-4358"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2024-06-13T00:00:00.000Z",
                "value": "CVE-2024-4358 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:40:46.999Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://docs.telerik.com/report-server/knowledge-base/registration-auth-bypass-cve-2024-4358"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Telerik Report Server",
              "vendor": "Progress Software Corporation",
              "versions": [
                {
                  "lessThan": "10.1.24.514",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) working with Trend Micro Zero Day Initiative"
            }
          ],
          "datePublic": "2024-05-29T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability."
                }
              ],
              "value": "In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-290",
                  "description": "CWE-290 Authentication Bypass by Spoofing",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-29T14:51:21.612Z",
            "orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
            "shortName": "ProgressSoftware"
          },
          "references": [
            {
              "url": "https://docs.telerik.com/report-server/knowledge-base/registration-auth-bypass-cve-2024-4358"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Registration Authentication Bypass Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
        "assignerShortName": "ProgressSoftware",
        "cveId": "CVE-2024-4358",
        "datePublished": "2024-05-29T14:51:21.612Z",
        "dateReserved": "2024-04-30T17:34:38.695Z",
        "dateUpdated": "2025-10-21T23:05:17.218Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }