Vulnerabilities > Progress > Telerik Report Server
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-13 | CVE-2024-7295 | Use of Hard-coded Credentials vulnerability in Progress Telerik Report Server In Progress® Telerik® Report Server versions prior to 2024 Q4 (10.3.24.1112), the encryption of local asset data used an older algorithm which may allow a sophisticated actor to decrypt this information. | 6.2 |
| 2024-10-09 | CVE-2024-7292 | Improper Restriction of Excessive Authentication Attempts vulnerability in Progress Telerik Report Server In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a credential stuffing attack is possible through improper restriction of excessive login attempts. | 8.8 |
| 2024-10-09 | CVE-2024-8015 | Unsafe Reflection vulnerability in Progress Telerik Report Server In Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.924), a remote code execution attack is possible through object injection via an insecure type resolution vulnerability. | 7.2 |
| 2024-07-24 | CVE-2024-6327 | Deserialization of Untrusted Data vulnerability in Progress Telerik Report Server In Progress® Telerik® Report Server versions prior to 2024 Q2 (10.1.24.709), a remote code execution attack is possible through an insecure deserialization vulnerability. | 9.8 |
| 2024-05-15 | CVE-2024-4837 | Unspecified vulnerability in Progress Telerik Report Server In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via a trust boundary violation vulnerability. | 5.3 |
| 2024-03-20 | CVE-2024-1800 | Deserialization of Untrusted Data vulnerability in Progress Telerik Report Server In Progress® Telerik® Report Server versions prior to 2024 Q1 (10.0.24.130), a remote code execution attack is possible through an insecure deserialization vulnerability. | 8.8 |