📦

telerik_reporting

Vendor: progress

Actively Exploited 0 CISA KEV List

PoC / Exploits 1 Code Available

Total RCEs 5 Remote Access

Total CVEs 31 Total Indexed

Avg. EPSS 0.63% Exploit Prob.

Latest CVE CVE-2024-6097 Feb 12

Security Vulnerability Index

Page 2 / 4

8.5 CVSS

CVE-2024-1856

RCE

In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is possible by a remote threat actor through an insecure deserialization vulnerability.

EPSS: 0.19%

Severity: HIGH

Mar 20, 2024

7.7 CVSS

CVE-2024-1801

RCE

In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability.

EPSS: 0.02%

Severity: HIGH

Mar 20, 2024

7.8 CVSS

CVE-2024-0832

In Telerik Reporting versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the applications installer component. In an environment where an existing Telerik Reporting install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system.

EPSS: 0.67%

Severity: HIGH

Jan 31, 2024

6.1 CVSS

CVE-2017-9140

Cross-site scripting (XSS) vulnerability in Telerik.ReportViewer.WebForms.dll in Telerik Reporting for ASP.NET WebForms Report Viewer control before R1 2017 SP2 (11.0.17.406) allows remote attackers to inject arbitrary web script or HTML via the bgColor parameter to Telerik.ReportViewer.axd.

EPSS: 4.84%

Severity: MEDIUM

May 22, 2017

Displaying 4 of 31 Total Entries

1 2 3 4

Total 4 Sections