7.5

CVE-2024-7294

Uncontrolled resource consumption of anonymous endpoints

In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), an HTTP DoS attack is possible on anonymous endpoints without rate limiting.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ProgressTelerik Reporting Version < 10.2.24.806
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.31% 0.227
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
security@progress.com 7.5 1.6 5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.

https://docs.telerik.com/report-server/knowledge-base/uncontrolled-resource-consumption-cve-2024-7294
Vendor Advisory