Telerik Report Server Flaw Could Let Attackers Create Rogue Admin Accounts
2024-06-04 14:43

Progress Software has rolled out updates to address a critical security flaw in Telerik Report Server that a remote attacker could potentially exploit to bypass authentication and create rogue administrator users. The issue, tracked as CVE-2024-4358, carries a CVSS score of 9.8 out of a maximum of 10.0. "In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or


News URL

https://thehackernews.com/2024/06/telerik-report-server-flaw-could-let.html

Related Vulnerability

DATE: 2024-05-29
CVE: CVE-2024-4358
VULNERABILITY TITLE: Authentication Bypass by Spoofing vulnerability in Telerik Report Server 2024 10.0.24.130/10.0.24.305
In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability.
network, low complexity, telerik, CWE-290
RISK: critical, 9.8

Related vendor

VENDOR   LAST 12M  #/PRODUCTS  LOW  MEDIUM  HIGH  CRITICAL  TOTAL VULNS
Telerik            8           0    0       5     10        15