Description

In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, an unauthenticated attacker can exploit an authentication bypass vulnerability to gain access to restricted functionality. This vulnerability allows attackers to bypass the authentication mechanisms and potentially manipulate or exfiltrate sensitive data from the Report Server.

Remediation

Update to Report Server 2024 Q2 (10.1.24.514) or later to mitigate this vulnerability.

References

Authentication Bypass Vulnerability

Molding Lies Into Reality || Exploiting CVE-2024-4358

Related Vulnerabilities

PostgreSQL Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2014-0062)

IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-7449)

Moodle Exposure of Resource to Wrong Sphere Vulnerability (CVE-2023-5542)

MySQL CVE-2014-2434 Vulnerability (CVE-2014-2434)

WebLogic CVE-2023-21960 Vulnerability (CVE-2023-21960)

Severity

Critical

Classification

CVE-2024-4358 CWE-287 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Tags

Authentication Bypass Known Vulnerabilities