CVE-2024-4358
CRITICAL | CISA KEV | 9.8
Description
In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability.
CVE Details
CVSS v3.1 score: 9.8
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 5/29/2024
Last modified: 10/31/2025
Source: kev
Honeypot sightings: 0
CISA KEV
Vendor: Progress
Product: Telerik Report Server
Vulnerability name: Progress Telerik Report Server Authentication Bypass by Spoofing Vulnerability
KEV date added: 2024-06-13
Remediation due date: 2024-07-04
Ransomware use: Unknown
Affected products
telerik:report_server_2024
Weaknesses (CWE)
CWE-290
References
https://docs.telerik.com/report-server/knowledge-base/registration-auth-bypass-cve-2024-4358 (security@progress.com)
https://docs.telerik.com/report-server/knowledge-base/registration-auth-bypass-cve-2024-4358 (af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-4358 (134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.