CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7295 – Hard-coded credentials used for temporary and cache data encryption
https://notcve.org/view.php?id=CVE-2024-7295
In Progress® Telerik® Report Server versions prior to 2024 Q4 (10.3.24.1112), the encryption of local asset data used an older algorithm which may allow a sophisticated actor to decrypt this information. • https://docs.telerik.com/report-server/knowledge-base/encryption-weakness-cve-2024-7295 • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7294 – Uncontrolled resource consumption of anonymous endpoints
https://notcve.org/view.php?id=CVE-2024-7294
In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), an HTTP DoS attack is possible on anonymous endpoints without rate limiting. • https://docs.telerik.com/report-server/knowledge-base/uncontrolled-resource-consumption-cve-2024-7294 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7293 – Password policy for new users is not strong enough
https://notcve.org/view.php?id=CVE-2024-7293
In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a password brute forcing attack is possible through weak password requirements. • https://docs.telerik.com/report-server/knowledge-base/weak-password-requirement-cve-2024-7293 • CWE-521: Weak Password Requirements •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6327 – Progress Telerik Report Server Deserialization
https://notcve.org/view.php?id=CVE-2024-6327
In Progress® Telerik® Report Server versions prior to 2024 Q2 (10.1.24.709), a remote code execution attack is possible through an insecure deserialization vulnerability. • https://docs.telerik.com/report-server/knowledge-base/deserialization-vulnerability-cve-2024-6327 https://www.telerik.com/report-server • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4837 – Trust Boundary Violation Vulnerability
https://notcve.org/view.php?id=CVE-2024-4837
In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via a trust boundary violation vulnerability. En Progress Telerik Report Server, versión 2024 Q1 (10.0.24.305) o anterior, en IIS, un atacante no autenticado puede obtener acceso a la funcionalidad restringida de Telerik Report Server a través de una vulnerabilidad de violación de los límites de confianza. • https://docs.telerik.com/report-server/knowledge-base/information-exposure-cve-2024-4837 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •