EDB-52103
webappsmultiple
Progress Telerik Report Server 2024 Q1 (10.0.24.305) - Authentication Bypass
CVE-2024-4358
VeryLazyTech3/28/2025
CISA既知の悪用された脆弱性
Progress Telerik Report Server contains an authorization bypass by spoofing vulnerability that allows an attacker to obtain unauthorized access.
必要な対応:
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
期限:
2024-07-04
説明
In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability.
AI分析AIによる分析
影響を受ける製品
telerikreport_server_2024
利用可能なエクスプロイト (1)
参照
- https://docs.telerik.com/report-server/knowledge-base/registration-auth-bypass-cve-2024-4358MitigationVendor Advisory
- https://docs.telerik.com/report-server/knowledge-base/registration-auth-bypass-cve-2024-4358MitigationVendor Advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-4358US Government Resource