Vulnerabilities > CVE-2024-8014 - Unsafe Reflection vulnerability in Progress Telerik Reporting 12.0.18.125

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

progress

CWE-470

NVD

Published: 2024-10-09

Updated: 2024-10-15

Summary

In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible through object injection via an insecure type resolution vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Progress Progress Telerik Reporting 12.0.18.125	1

Common Weakness Enumeration (CWE)

CWE-470 - Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

References

https://docs.telerik.com/reporting/knowledge-base/insecure-type-resolution-cve-2024-8014