Progress Software Telerik Report Server vulnerabilities
3 known vulnerabilities affecting progress_software/telerik_report_server.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: MEDIUM 3
Vulnerabilities
CVE-2024-4357 | P3 | MEDIUM | CVSS 6.5 | CWE-611 | ≥ 1.0.0.0, < 10.0.24.514 | 2024-05-15
An information disclosure vulnerability in Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, allows a low-privilege attacker to read system files via XML External Entity processing.
nvd
CVE-2025-0556 | P4 | MEDIUM | CVSS 6.5 | CWE-319 | ≥ 1.0.0, < 2025 Q1 (11.0.25.211) | 2025-02-12
In Progress® Telerik® Report Server, versions prior to 2025 Q1 (11.0.25.211) when using the older .NET Framework implementation, communication of non-sensitive information between the service agent process and app host process occurs over an unencrypted tunnel, which can be subjected to local network traffic sniffing.
nvd
CVE-2024-4837 | P4 | MEDIUM | CVSS 5.3 | CWE-200 | ≥ 1.0.0.0, < 10.1.24.514 | 2024-05-15
In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via a trust boundary violation vulnerability.
nvd