Assigner | ProgressSoftware |
Reserved | 2024-04-25 |
Published | 2024-05-15 |
Updated | 2024-07-24 |
Description
In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.2.514), a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability.
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H |
Problem types
CWE-502 Deserialization of Untrusted Data
Product status
1.0.0.0 before 18.1.24.2.514
References
https://docs.telerik.com/reporting/knowledge-base/deserialization-vulnerability-cve-2024-4200