cbcvebase.

Progress Software Telerik Reporting vulnerabilities

5 known vulnerabilities affecting progress_software/telerik_reporting.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH5

Vulnerabilities

Page 1 of 1
CVE-2024-8014P3HIGHCVSS 8.8≥ 18.2.24.806, < 18.2.24.9242024-10-09
CVE-2024-8014 [HIGH] CWE-470 CVE-2024-8014: In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is po In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible through object injection via an insecure type resolution vulnerability.
nvd
CVE-2024-8015P3HIGHCVSS 7.2≥ 1.0.0.0, < 10.2.24.9242024-10-09
CVE-2024-8015 [HIGH] CWE-470 CVE-2024-8015: In Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.924), a remote code execution a In Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.924), a remote code execution attack is possible through object injection via an insecure type resolution vulnerability.
nvd
CVE-2024-0832P3HIGHCVSS 7.8≥ 1.0, < 2024 R12024-01-31
CVE-2024-0832 [HIGH] CWE-269 CVE-2024-0832: In Telerik Reporting versions prior to 2024 R1, a privilege elevation vulnerability has been identif In Telerik Reporting versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the applications installer component. In an environment where an existing Telerik Reporting install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating s
nvd
CVE-2024-7840P3HIGHCVSS 7.8≥ 18.2.24.806, < 18.2.24.9242024-10-09
CVE-2024-7840 [HIGH] CWE-77 CVE-2024-7840: In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a command injection attack is In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a command injection attack is possible through improper neutralization of hyperlink elements.
nvd
CVE-2024-8048P3HIGHCVSS 7.8≥ 18.2.24.806, < 18.2.24.9242024-10-09
CVE-2024-8048 [HIGH] CWE-470 CVE-2024-8048: In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is po In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible using object injection via insecure expression evaluation.
nvd