Vulnerabilities > Progress > Telerik Report Server > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-12 | CVE-2025-0556 | Cleartext Transmission of Sensitive Information vulnerability in Progress Telerik Report Server In Progress® Telerik® Report Server, versions prior to 2025 Q1 (11.0.25.211) when using the older .NET Framework implementation, communication of non-sensitive information between the service agent process and app host process occurs over an unencrypted tunnel, which can be subjected to local network traffic sniffing. | 6.5 |
| 2024-11-13 | CVE-2024-7295 | Use of Hard-coded Credentials vulnerability in Progress Telerik Report Server In Progress® Telerik® Report Server versions prior to 2024 Q4 (10.3.24.1112), the encryption of local asset data used an older algorithm which may allow a sophisticated actor to decrypt this information. | 6.2 |
| 2024-05-15 | CVE-2024-4837 | Unspecified vulnerability in Progress Telerik Report Server In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via a trust boundary violation vulnerability. | 5.3 |