Telerik Report Server
Approved changes feed: RSS · Atom
cpe:2.3:a:progress_software_corporation:telerik_report_server:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Progress Software Corporation (936a4410-8e02-5d5c-938a-4a1509e8d7ef) |
|---|---|
| Product | Telerik Report Server (95552274-92bd-534c-89be-58a82d6c6dd4) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-7295 |
vulnerable | 2026-06-08 06:58:21.753810 |
Hard-coded credentials used for temporary and cache data encryption
HIGH (7.1)
In Progress® Telerik® Report Server versions prior to 2024 Q4 (10.3.24.1112), the encryption of local asset data used an older algorithm which may allow a sophisticated actor to decrypt this information.
Published: 2024-11-13T15:22:28.781Z
Updated: 2024-11-13T19:13:33.110Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-7294 |
vulnerable | 2026-06-08 06:58:21.753449 |
Uncontrolled resource consumption of anonymous endpoints
HIGH (7.5)
In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), an HTTP DoS attack is possible on anonymous endpoints without rate limiting.
Published: 2024-10-09T14:45:30.445Z
Updated: 2024-10-09T16:17:21.325Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-7293 |
vulnerable | 2026-06-08 06:58:21.752779 |
Password policy for new users is not strong enough
HIGH (7.5)
In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a password brute forcing attack is possible through weak password requirements.
Published: 2024-10-09T14:43:28.711Z
Updated: 2024-10-09T16:18:01.674Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-7292 |
vulnerable | 2026-06-08 06:58:21.751963 |
Account Controller allows high count of login attempts
HIGH (7.5)
In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a credential stuffing attack is possible through improper restriction of excessive login attempts.
Published: 2024-10-09T14:47:10.831Z
Updated: 2024-10-16T15:01:22.209Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-6327 |
vulnerable | 2026-06-08 06:58:18.592570 |
Progress Telerik Report Server Deserialization
CRITICAL (9.9)
In Progress® Telerik® Report Server versions prior to 2024 Q2 (10.1.24.709), a remote code execution attack is possible through an insecure deserialization vulnerability.
Published: 2024-07-24T13:57:07.165Z
Updated: 2024-08-01T21:33:05.307Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-4358 |
vulnerable | 2026-06-08 06:50:17.576582 |
Registration Authentication Bypass Vulnerability
CRITICAL (9.8)
In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability.
Published: 2024-05-29T14:51:21.612Z
Updated: 2025-10-21T23:05:17.218Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-1800 |
vulnerable | 2026-06-08 06:27:14.548663 |
Progress Telerik Report Server Deserialization
CRITICAL (9.9)
In Progress® Telerik® Report Server versions prior to 2024 Q1 (10.0.24.130), a remote code execution attack is possible through an insecure deserialization vulnerability.
Published: 2024-03-20T13:11:41.461Z
Updated: 2024-08-01T18:48:22.048Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.