GCVE - cpe:2.3:a:progress_software:telerik_report

Approved changes feed: RSS · Atom

cpe:2.3:a:progress_software:telerik_report_server:1.0.0.0:*:*:*:*:*:*:*

part: a version: 1.0.0.0 update: *

Vendor	Progress Software (`96c4320b-2c72-5331-bd5a-d39d72393793`)
Product	Telerik Report Server (`7f848d9d-2903-5718-ae01-ef1079ace098`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-7292`	vulnerable	2026-06-03 14:58:05.485834	Account Controller allows high count of login attempts HIGH (7.5) In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a credential stuffing attack is possible through improper restriction of excessive login attempts. Published: 2024-10-09T14:47:10.831Z Updated: 2024-10-16T15:01:22.209Z Open on db.gcve.eu Reference links https://docs.telerik.com/report-server/knowledge-base/improper-restriction-of-excessive-login-attempts-cve-2024-7292	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-4358`	vulnerable	2026-06-03 14:57:15.283973	Registration Authentication Bypass Vulnerability CRITICAL (9.8) In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability. Published: 2024-05-29T14:51:21.612Z Updated: 2025-10-21T23:05:17.218Z Open on db.gcve.eu Reference links https://docs.telerik.com/report-server/knowledge-base/registration-auth-bypass-cve-2024-4358	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-4357`	vulnerable	2026-06-03 14:57:15.282143	XML External Entity Processing Information Disclosure MEDIUM (6.5) An information disclosure vulnerability exists in Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, allows low-privilege attacker to read systems file via XML External Entity Processing. Published: 2024-05-15T16:58:31.306Z Updated: 2024-08-01T20:40:46.481Z Open on db.gcve.eu Reference links https://docs.telerik.com/report-server/knowledge-base/xxe-vulnerability-cve-2024-4357	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-1800`	vulnerable	2026-06-03 14:54:34.677731	Progress Telerik Report Server Deserialization CRITICAL (9.9) In Progress® Telerik® Report Server versions prior to 2024 Q1 (10.0.24.130), a remote code execution attack is possible through an insecure deserialization vulnerability. Published: 2024-03-20T13:11:41.461Z Updated: 2024-08-01T18:48:22.048Z Open on db.gcve.eu Reference links https://www.telerik.com/report-server https://docs.telerik.com/report-server/knowledge-base/deserialization-vulnerability-cve-2024-1800	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Telerik Report Server

PURL mappings

Vulnerability references

Contribute