cpe:2.3:a:progress:telerik_reporting:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor: Progress (f9d80521-f73f-5a85-8df9-9306f2f67809)
Product: Telerik Reporting (a2d1ede4-603b-5a0e-ba20-3445a1fc99ff)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL | Source | Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2024-8048 vulnerable 2026-06-03 14:58:08.031995 Telerik Reporting Insecure Expression Evaluation
HIGH (7.8)
In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible using object injection via insecure expression evaluation.
Published: 2024-10-09T14:18:56.968Z
Updated: 2025-11-03T19:34:46.500Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-8014 vulnerable 2026-06-03 14:58:07.924804 Telerik Reporting EntityDataSource Insecure Type Resolution
HIGH (8.8)
In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible through object injection via an insecure type resolution vulnerability.
Published: 2024-10-09T14:16:33.764Z
Updated: 2025-11-03T19:34:45.119Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-7840 vulnerable 2026-06-03 14:58:07.367202 Improper neutralization of special elements in hyperlinks
HIGH (7.8)
In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a command injection attack is possible through improper neutralization of hyperlink elements.
Published: 2024-10-09T14:41:40.048Z
Updated: 2025-11-03T19:34:43.663Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-7294 vulnerable 2026-06-03 14:58:05.486879 Uncontrolled resource consumption of anonymous endpoints
HIGH (7.5)
In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), an HTTP DoS attack is possible on anonymous endpoints without rate limiting.
Published: 2024-10-09T14:45:30.445Z
Updated: 2024-10-09T16:17:21.325Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-7293 vulnerable 2026-06-03 14:58:05.486485 Password policy for new users is not strong enough
HIGH (7.5)
In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a password brute forcing attack is possible through weak password requirements.
Published: 2024-10-09T14:43:28.711Z
Updated: 2024-10-09T16:18:01.674Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-6327 vulnerable 2026-06-03 14:58:02.586547 Progress Telerik Report Server Deserialization
CRITICAL (9.9)
In Progress® Telerik® Report Server versions prior to 2024 Q2 (10.1.24.709), a remote code execution attack is possible through an insecure deserialization vulnerability.
Published: 2024-07-24T13:57:07.165Z
Updated: 2024-08-01T21:33:05.307Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-6097 vulnerable 2026-06-03 14:58:01.859267 Absolute Path Traversal Vulnerability
MEDIUM (5.3)
In Progress® Telerik® Reporting versions prior to 2025 Q1 (19.0.25.211), information disclosure is possible by a local threat actor through an absolute path vulnerability.
Published: 2025-02-12T17:37:10.917Z
Updated: 2025-02-12T18:54:37.572Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-6096 vulnerable 2026-06-03 14:58:01.856725 Unsafe Deserialization Vulnerability
HIGH (8.8)
In Progress® Telerik® Reporting versions prior to 18.1.24.709, a code execution attack is possible through object injection via an insecure type resolution vulnerability.
Published: 2024-07-24T14:00:19.107Z
Updated: 2025-04-25T23:02:56.247Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-4357 vulnerable 2026-06-03 14:57:15.283522 XML External Entity Processing Information Disclosure
MEDIUM (6.5)
An information disclosure vulnerability in Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, allows a low-privilege attacker to read system files via XML External Entity Processing.
Published: 2024-05-15T16:58:31.306Z
Updated: 2024-08-01T20:40:46.481Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-4202 vulnerable 2026-06-03 14:57:14.925565 Progress Telerik Reporting Local Instantiation Vulnerability
HIGH (7.7)
In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.514), a code execution attack is possible through an insecure instantiation vulnerability.
Published: 2024-05-15T16:53:30.262Z
Updated: 2024-08-01T20:33:52.951Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-4200 vulnerable 2026-06-03 14:57:14.921100 Progress Telerik Reporting Local Deserialization Vulnerability
HIGH (7.7)
In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.2.514), a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability.
Published: 2024-05-15T16:56:25.177Z
Updated: 2024-08-01T20:33:53.025Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-1856 vulnerable 2026-06-03 14:54:34.802969 Progress Telerik Reporting Remote Deserialization Vulnerability
HIGH (8.5)
In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is possible by a remote threat actor through an insecure deserialization vulnerability.
Published: 2024-03-20T13:13:51.409Z
Updated: 2025-12-16T18:13:24.340Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-1801 vulnerable 2026-06-03 14:54:34.684793 Progress Telerik Reporting Local Deserialization Vulnerability
HIGH (7.7)
In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability.
Published: 2024-03-20T13:12:34.826Z
Updated: 2025-12-16T18:13:24.178Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-0832 vulnerable 2026-06-03 14:54:04.280067 Privilege Elevation via Telerik Reporting Installer
HIGH (7.8)
In Telerik Reporting versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the application's installer component. In an environment where an existing Telerik Reporting install is present, a lower-privileged user can manipulate the installation package to elevate their privileges on the underlying operating system.
Published: 2024-01-31T15:14:44.556Z
Updated: 2024-08-23T18:18:34.073Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-9140 vulnerable 2026-06-03 14:37:41.098521 Details available
Cross-site scripting (XSS) vulnerability in Telerik.ReportViewer.WebForms.dll in Telerik Reporting for ASP.NET WebForms Report Viewer control before R1 2017 SP2 (11.0.17.406) allows remote attackers to inject arbitrary web script or HTML via the bgColor parameter to Telerik.ReportViewer.axd.
Published: 2017-05-22T04:54:00.000Z
Updated: 2024-08-05T16:55:22.233Z
Imported from gcve-enriched-dumps CVE data
