Telerik Reporting
CVEs (10)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-8015 | 0.00 | — | 0.01 | Oct 9, 2024 | In Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.924), a remote code execution attack is possible through object injection via an insecure type resolution vulnerability. | ||
| CVE-2024-7840 | 0.00 | — | 0.00 | Oct 9, 2024 | In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a command injection attack is possible through improper neutralization of hyperlink elements. | ||
| CVE-2024-8048 | 0.00 | — | 0.00 | Oct 9, 2024 | In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible using object injection via insecure expression evaluation. | ||
| CVE-2024-8014 | 0.00 | — | 0.01 | Oct 9, 2024 | In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible through object injection via an insecure type resolution vulnerability. | ||
| CVE-2024-6096 | 0.00 | — | 0.00 | Jul 24, 2024 | In Progress® Telerik® Reporting versions prior to 18.1.24.709, a code execution attack is possible through object injection via an insecure type resolution vulnerability. | ||
| CVE-2024-4200 | 0.00 | — | 0.00 | May 15, 2024 | In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.2.514), a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability. | ||
| CVE-2024-4202 | 0.00 | — | 0.00 | May 15, 2024 | In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.514), a code execution attack is possible through an insecure instantiation vulnerability. | ||
| CVE-2024-1856 | 0.00 | — | 0.00 | Mar 20, 2024 | In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is possible by a remote threat actor through an insecure deserialization vulnerability. | ||
| CVE-2024-1801 | 0.00 | — | 0.00 | Mar 20, 2024 | In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability. | ||
| CVE-2024-0832 | 0.00 | — | 0.01 | Jan 31, 2024 | In Telerik Reporting versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the applications installer component. In an environment where an existing Telerik Reporting install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system. |
- CVE-2024-8015Oct 9, 2024risk 0.00cvss —epss 0.01
In Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.924), a remote code execution attack is possible through object injection via an insecure type resolution vulnerability.
- CVE-2024-7840Oct 9, 2024risk 0.00cvss —epss 0.00
In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a command injection attack is possible through improper neutralization of hyperlink elements.
- CVE-2024-8048Oct 9, 2024risk 0.00cvss —epss 0.00
In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible using object injection via insecure expression evaluation.
- CVE-2024-8014Oct 9, 2024risk 0.00cvss —epss 0.01
In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible through object injection via an insecure type resolution vulnerability.
- CVE-2024-6096Jul 24, 2024risk 0.00cvss —epss 0.00
In Progress® Telerik® Reporting versions prior to 18.1.24.709, a code execution attack is possible through object injection via an insecure type resolution vulnerability.
- CVE-2024-4200May 15, 2024risk 0.00cvss —epss 0.00
In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.2.514), a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability.
- CVE-2024-4202May 15, 2024risk 0.00cvss —epss 0.00
In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.514), a code execution attack is possible through an insecure instantiation vulnerability.
- CVE-2024-1856Mar 20, 2024risk 0.00cvss —epss 0.00
In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is possible by a remote threat actor through an insecure deserialization vulnerability.
- CVE-2024-1801Mar 20, 2024risk 0.00cvss —epss 0.00
In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability.
- CVE-2024-0832Jan 31, 2024risk 0.00cvss —epss 0.01
In Telerik Reporting versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the applications installer component. In an environment where an existing Telerik Reporting install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system.