CVE-2024-4358

Warnung

EPSS 94.34%
Veröffentlicht 29.05.2024 15:16:06
Zuletzt bearbeitet 27.01.2025 21:43:05
Quelle security@progress.com
Teams Watchlist Login
Unerledigt Login

In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability.

Betroffene Produkte Warnungen 1 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Telerik ≫ Report Server 2024 Version <= 10.0.24.305

13.06.2024: CISA Known Exploited Vulnerabilities (KEV) Catalog

Progress Telerik Report Server Authentication Bypass by Spoofing Vulnerability

Schwachstelle

Progress Telerik Report Server contains an authorization bypass by spoofing vulnerability that allows an attacker to obtain unauthorized access.

Beschreibung

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	94.34%	1

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
security@progress.com	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-290 Authentication Bypass by Spoofing

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

https://docs.telerik.com/report-server/knowledge-base/registration-auth-bypass-cve-2024-4358

Vendor Advisory

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2024-4358

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-4358

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-4358

EUVD