Progress Telerik Reporting — known CVE vulnerabilities
Every CVE whose affected-product data names Progress Telerik Reporting, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (14)
CVE-2024-6096 — CVSS 8.8 (high): In Progress® Telerik® Reporting versions prior to 18.1.24.709, a code execution attack is possible through object injection via an…
CVE-2024-8014 — CVSS 8.8 (high): In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible through object injection via an…
CVE-2024-1856 — CVSS 8.5 (high): In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is possible by a remote threat actor…
CVE-2024-8048 — CVSS 7.8 (high): In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible using object injection via…
CVE-2024-0832 — CVSS 7.8 (high): In Telerik Reporting versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the applications installer…
CVE-2024-7840 — CVSS 7.8 (high): In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a command injection attack is possible through improper…
CVE-2024-4200 — CVSS 7.7 (high): In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.2.514), a code execution attack is possible by a local threat actor…
CVE-2024-1801 — CVSS 7.7 (high): In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is possible by a local threat actor…
CVE-2024-4202 — CVSS 7.7 (high): In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.514), a code execution attack is possible through an insecure…
CVE-2024-7294 — CVSS 7.5 (high): In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), an HTTP DoS attack is possible on anonymous endpoints…
CVE-2024-7293 — CVSS 7.5 (high): In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a password brute forcing attack is possible through weak…
CVE-2024-4357 — CVSS 6.5 (medium): An information disclosure vulnerability exists in Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, allows…
CVE-2017-9140 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in Telerik.ReportViewer.WebForms.dll in Telerik Reporting for ASP.NET WebForms Report Viewer…
CVE-2024-6097 — CVSS 5.3 (medium): In Progress® Telerik® Reporting versions prior to 2025 Q1 (19.0.25.211), information disclosure is possible by a local threat actor…