40 results (0.008 seconds)

CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0

In Progress® Telerik® Report Server versions prior to 2024 Q4 (10.3.24.1112), the encryption of local asset data used an older algorithm which may allow a sophisticated actor to decrypt this information. • https://docs.telerik.com/report-server/knowledge-base/encryption-weakness-cve-2024-7295 • CWE-798: Use of Hard-coded Credentials •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

In WS_FTP Server versions before 8.8.9 (2022.0.9), an Incorrect Implementation of Authentication Algorithm in the Web Transfer Module allows users to skip the second-factor verification and log in with username and password only. • https://community.progress.com/s/article/WS-FTP-Server-Service-Pack-November-2024 https://www.progress.com/ftp-server • CWE-303: Incorrect Implementation of Authentication Algorithm •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

In WhatsUp Gold versions released before 2024.0.0,  an Authentication Bypass issue exists which allows an attacker to obtain encrypted user credentials. This vulnerability allows remote attackers to bypass authentication on affected installations of Progress Software WhatsUp Gold. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of getReport method. The issue results from the lack of authentication and authorization prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. • https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-August-2024 https://www.progress.com/network-monitoring • CWE-287: Improper Authentication •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), an HTTP DoS attack is possible on anonymous endpoints without rate limiting. • https://docs.telerik.com/report-server/knowledge-base/uncontrolled-resource-consumption-cve-2024-7294 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a password brute forcing attack is possible through weak password requirements. • https://docs.telerik.com/report-server/knowledge-base/weak-password-requirement-cve-2024-7293 • CWE-521: Weak Password Requirements •