← Voltar para CVEs
CVE-2024-4358
CRITICALCISA KEV9.8
Descricao
In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability.
Detalhes CVE
Pontuacao CVSS v3.19.8
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado5/29/2024
Ultima modificacao10/31/2025
Fontekev
Avistamentos honeypot0
CISA KEV
FornecedorProgress
ProdutoTelerik Report Server
Nome da vulnerabilidadeProgress Telerik Report Server Authentication Bypass by Spoofing Vulnerability
Data inclusao KEV2024-06-13
Prazo de remediacao2024-07-04
Uso em ransomwareUnknown
Produtos afetados
telerik:report_server_2024
Fraquezas (CWE)
CWE-290CWE-290
Referencias
https://docs.telerik.com/report-server/knowledge-base/registration-auth-bypass-cve-2024-4358(security@progress.com)
https://docs.telerik.com/report-server/knowledge-base/registration-auth-bypass-cve-2024-4358(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-4358(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.