Telerik Report Server
cpe:2.3:a:progress:telerik_report_server:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Progress (f9d80521-f73f-5a85-8df9-9306f2f67809) |
|---|---|
| Product | Telerik Report Server (a1a02645-af58-5297-bdb2-615a0b1c455e) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | | |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2025-0556 | vulnerable | 2026-06-03 14:58:32.417915 | Telerik Report Server Clear Text Transmission of Agent Commands<br>HIGH (8.8)<br>In Progress® Telerik® Report Server, versions prior to 2025 Q1 (11.0.25.211) when using the older .NET Framework implementation, communication of non-sensitive information between the service agent process and app host process occurs over an unencrypted tunnel, which can be subjected to local network traffic sniffing.<br>Published: 2025-02-12T15:11:03.067Z<br>Updated: 2025-02-12T15:33:35.788Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-8015 | vulnerable | 2026-06-03 14:58:07.925268 | Telerik Report Server Insecure Type Resolution<br>CRITICAL (9.1)<br>In Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.924), a remote code execution attack is possible through object injection via an insecure type resolution vulnerability.<br>Published: 2024-10-09T14:49:19.603Z<br>Updated: 2024-10-09T16:06:49.209Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-7295 | vulnerable | 2026-06-03 14:58:05.487234 | Hard-coded credentials used for temporary and cache data encryption<br>HIGH (7.1)<br>In Progress® Telerik® Report Server versions prior to 2024 Q4 (10.3.24.1112), the encryption of local asset data used an older algorithm which may allow a sophisticated actor to decrypt this information.<br>Published: 2024-11-13T15:22:28.781Z<br>Updated: 2024-11-13T19:13:33.110Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-7294 | vulnerable | 2026-06-03 14:58:05.486819 | Uncontrolled resource consumption of anonymous endpoints<br>HIGH (7.5)<br>In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), an HTTP DoS attack is possible on anonymous endpoints without rate limiting.<br>Published: 2024-10-09T14:45:30.445Z<br>Updated: 2024-10-09T16:17:21.325Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-7293 | vulnerable | 2026-06-03 14:58:05.486425 | Password policy for new users is not strong enough<br>HIGH (7.5)<br>In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a password brute forcing attack is possible through weak password requirements.<br>Published: 2024-10-09T14:43:28.711Z<br>Updated: 2024-10-09T16:18:01.674Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-7292 | vulnerable | 2026-06-03 14:58:05.486025 | Account Controller allows high count of login attempts<br>HIGH (7.5)<br>In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a credential stuffing attack is possible through improper restriction of excessive login attempts.<br>Published: 2024-10-09T14:47:10.831Z<br>Updated: 2024-10-16T15:01:22.209Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-6327 | vulnerable | 2026-06-03 14:58:02.588377 | Progress Telerik Report Server Deserialization<br>CRITICAL (9.9)<br>In Progress® Telerik® Report Server versions prior to 2024 Q2 (10.1.24.709), a remote code execution attack is possible through an insecure deserialization vulnerability.<br>Published: 2024-07-24T13:57:07.165Z<br>Updated: 2024-08-01T21:33:05.307Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-4837 | vulnerable | 2026-06-03 14:57:16.293169 | Trust Boundary Violation Vulnerability<br>MEDIUM (5.3)<br>In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via a trust boundary violation vulnerability.<br>Published: 2024-05-15T17:04:05.705Z<br>Updated: 2024-08-01T20:55:09.990Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-1800 | vulnerable | 2026-06-03 14:54:34.681686 | Progress Telerik Report Server Deserialization<br>CRITICAL (9.9)<br>In Progress® Telerik® Report Server versions prior to 2024 Q1 (10.0.24.130), a remote code execution attack is possible through an insecure deserialization vulnerability.<br>Published: 2024-03-20T13:11:41.461Z<br>Updated: 2024-08-01T18:48:22.048Z | Imported from gcve-enriched-dumps CVE data |