Vulnerabilities > CVE-2024-1856 - Deserialization of Untrusted Data vulnerability in Progress Telerik Reporting

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

progress

CWE-502

NVD

Published: 2024-03-20

Updated: 2025-01-16

Summary

In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is possible by a remote threat actor through an insecure deserialization vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Progress Progress Telerik Reporting - Progress Telerik Reporting 8.2.14.1027 Progress Telerik Reporting 8.2.14.1204 Progress Telerik Reporting 9.0.15.225 Progress Telerik Reporting 9.0.15.324 Progress Telerik Reporting 9.1.15.624 Progress Telerik Reporting 9.1.15.731 Progress Telerik Reporting 9.2.15.930 Progress Telerik Reporting 9.2.15.1105 Progress Telerik Reporting 9.2.15.1126 Progress Telerik Reporting 10.0.16.113 Progress Telerik Reporting 10.0.16.204 Progress Telerik Reporting 10.1.16.504 Progress Telerik Reporting 10.1.16.615 Progress Telerik Reporting 10.1.24.514 Progress Telerik Reporting 10.2.16.914 Progress Telerik Reporting 10.2.16.1025 Progress Telerik Reporting 10.2.24.806 Progress Telerik Reporting 11.0.17.118 Progress Telerik Reporting 11.0.17.222 Progress Telerik Reporting 11.0.17.406 Progress Telerik Reporting 11.1.17.503 Progress Telerik Reporting 11.1.17.614 Progress Telerik Reporting 11.2.17.913 Progress Telerik Reporting 11.2.17.1025 Progress Telerik Reporting 12.0.18.117 Progress Telerik Reporting 12.0.18.125 Progress Telerik Reporting 12.0.18.227 Progress Telerik Reporting 12.0.18.416 Progress Telerik Reporting 12.1.18.516 Progress Telerik Reporting 12.1.18.620 Progress Telerik Reporting 12.2.18.912 Progress Telerik Reporting 12.2.18.1017 Progress Telerik Reporting 12.2.18.1129 Progress Telerik Reporting 13.0.19.116 Progress Telerik Reporting 13.0.19.222 Progress Telerik Reporting 13.1.19.514 Progress Telerik Reporting 13.1.19.618 Progress Telerik Reporting 13.2.19.918 Progress Telerik Reporting 13.2.19.1030 Progress Telerik Reporting 14.0.20.115 Progress Telerik Reporting 14.0.20.219 Progress Telerik Reporting 14.1.20.513 Progress Telerik Reporting 14.1.20.618 Progress Telerik Reporting 14.2.20.916 Progress Telerik Reporting 14.2.20.1021 Progress Telerik Reporting 15.0.21.120 Progress Telerik Reporting 15.0.21.224 Progress Telerik Reporting 15.0.21.326 Progress Telerik Reporting 15.1.21.512 Progress Telerik Reporting 15.1.21.616 Progress Telerik Reporting 15.2.21.915 Progress Telerik Reporting 15.2.21.1110 Progress Telerik Reporting 15.2.21.1125 Progress Telerik Reporting 16.0.22.119 Progress Telerik Reporting 16.0.22.225 Progress Telerik Reporting 16.1.22.511 Progress Telerik Reporting 16.1.22.622 Progress Telerik Reporting 16.2.22.914 Progress Telerik Reporting 16.2.22.1109 Progress Telerik Reporting 17.0.23.118 Progress Telerik Reporting 17.0.23.315 Progress Telerik Reporting 17.1.23.606 Progress Telerik Reporting 17.1.23.718 Progress Telerik Reporting 17.2.23.1010 Progress Telerik Reporting 17.2.23.1114	66

Common Weakness Enumeration (CWE)

CWE-502 - Deserialization of Untrusted Data

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References