CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6097 – Absolute Path Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2024-6097
12 Feb 2025 — In Progress® Telerik® Reporting versions prior to 2025 Q1 (19.0.25.211), information disclosure is possible by a local threat actor through an absolute path vulnerability. • https://docs.telerik.com/reporting/knowledge-base/kb-security-absolute-path-traversal-CVE-2024-6097 • CWE-36: Absolute Path Traversal •
CVSS: 10.0EPSS: 4%CPEs: 1EXPL: 0CVE-2024-6096 – Unsafe Deserialization Vulnerability
https://notcve.org/view.php?id=CVE-2024-6096
24 Jul 2024 — In Progress® Telerik® Reporting versions prior to 18.1.24.709, a code execution attack is possible through object injection via an insecure type resolution vulnerability. • https://docs.telerik.com/reporting/knowledge-base/unsafe-reflection-CVE-2024-6096 • CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4200 – Progress Telerik Reporting Local Deserialization Vulnerability
https://notcve.org/view.php?id=CVE-2024-4200
15 May 2024 — In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.2.514), a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability. En las versiones de Progress® Telerik® Reporting anteriores al segundo trimestre de 2024 (18.1.24.2.514), un actor de amenazas local puede realizar un ataque de ejecución de código a través de una vulnerabilidad de deserialización insegura. • https://docs.telerik.com/reporting/knowledge-base/deserialization-vulnerability-cve-2024-4200 • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4202 – Progress Telerik Reporting Local Instantiation Vulnerability
https://notcve.org/view.php?id=CVE-2024-4202
15 May 2024 — In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.514), a code execution attack is possible through an insecure instantiation vulnerability. En las versiones de Progress® Telerik® Reporting anteriores al segundo trimestre de 2024 (18.1.24.514), es posible un ataque de ejecución de código a través de una vulnerabilidad de instanciación insegura. • https://docs.telerik.com/reporting/knowledge-base/instantiation-vulnerability-cve-2024-4202 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1856 – Progress Telerik Reporting Remote Deserialization Vulnerability
https://notcve.org/view.php?id=CVE-2024-1856
20 Mar 2024 — In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is possible by a remote threat actor through an insecure deserialization vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software Telerik Reporting. Authentication is required to exploit this vulnerability. The specific flaw exists within the ObjectReader class. The issue results from the lack of proper validation of user-supplied data, wh... • https://docs.telerik.com/reporting/knowledge-base/deserialization-vulnerability-cve-2024-1801-cve-2024-1856 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1801 – Progress Telerik Reporting Local Deserialization Vulnerability
https://notcve.org/view.php?id=CVE-2024-1801
20 Mar 2024 — In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software Telerik Reporting. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ObjectReader class. The i... • https://docs.telerik.com/reporting/knowledge-base/deserialization-vulnerability-cve-2024-1801-cve-2024-1856 • CWE-502: Deserialization of Untrusted Data •