Progress Telerik_reporting

14 CVEs affecting Progress Telerik_reporting. Latest disclosed: 2025-02-12. Critical: 0, High: 11.

Top CVEs affecting Progress Telerik_reporting
CVESeverityScorePublishedSummary
CVE-2024-8014High8.82024-10-09In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible through object injection via an insecure type resolu…
CVE-2024-6096High8.82024-07-24In Progress® Telerik® Reporting versions prior to 18.1.24.709, a code execution attack is possible through object injection via an insecure type resolution vul…
CVE-2024-1856High8.52024-03-20 In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is possible by a remote threat actor through an insecure dese…
CVE-2024-8048High7.82024-10-09In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible using object injection via insecure expression evalu…
CVE-2024-7840High7.82024-10-09In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a command injection attack is possible through improper neutralization of hyperlink elem…
CVE-2024-0832High7.82024-01-31In Telerik Reporting versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the applications installer component.  In an environ…
CVE-2024-4202High7.72024-05-15In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.514), a code execution attack is possible through an insecure instantiation vulnerability.
CVE-2024-4200High7.72024-05-15In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.2.514), a code execution attack is possible by a local threat actor through an insecure dese…
CVE-2024-1801High7.72024-03-20 In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is possible by a local threat actor through an insecure deser…
CVE-2024-7294High7.52024-10-09In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), an HTTP DoS attack is possible on anonymous endpoints without rate limiting.
CVE-2024-7293High7.52024-10-09In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a password brute forcing attack is possible through weak password requirements.
CVE-2024-4357Medium6.52024-05-15An information disclosure vulnerability exists in Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, allows low-privilege attacker to re…
CVE-2017-9140Medium6.12017-05-22Cross-site scripting (XSS) vulnerability in Telerik.ReportViewer.WebForms.dll in Telerik Reporting for ASP.NET WebForms Report Viewer control before R1 2017 SP…
CVE-2024-6097Medium5.32025-02-12In Progress® Telerik® Reporting versions prior to 2025 Q1 (19.0.25.211), information disclosure is possible by a local threat actor through an absolute path vu…