EDB-52103
webappsmultiple
Progress Telerik Report Server 2024 Q1 (10.0.24.305) - Authentication Bypass
CVE-2024-4358
VeryLazyTech3/28/2025
CVE-2024-4358
9.8CRITICALIn Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication
게시됨: 5/29/2024업데이트됨: 10/31/2025
CISA 알려진 악용 취약점
Progress Telerik Report Server contains an authorization bypass by spoofing vulnerability that allows an attacker to obtain unauthorized access.
필요한 조치:
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
마감일:
2024-07-04
설명
In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability.
AI 분석AI 기반
영향받는 제품
telerikreport_server_2024
사용 가능한 익스플로잇 (1)
참조
- https://docs.telerik.com/report-server/knowledge-base/registration-auth-bypass-cve-2024-4358MitigationVendor Advisory
- https://docs.telerik.com/report-server/knowledge-base/registration-auth-bypass-cve-2024-4358MitigationVendor Advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-4358US Government Resource