Assigner | ProgressSoftware |
Reserved | 2024-04-25 |
Published | 2024-05-15 |
Updated | 2024-06-06 |
Description
In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.514), a code execution attack is possible through an insecure instantiation vulnerability.
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H |
Problem types
CWE-94 Improper Control of Generation of Code ('Code Injection')
Product status
1.0.0.0 before 18.1.24.2.514
References
https://docs.telerik.com/reporting/knowledge-base/instantiation-vulnerability-cve-2024-4202