Skip to content
Censys Search Teams: Industry-leading internet intelligence for growing security teams and organizations | Learn More
Advisory

June 7, 2024: Authentication Bypass Vulnerability in Progress Telerik Report Server Could Lead to Unauthorized Access of Internal Report Data

  • Issue Name and Description: Authentication Bypass vulnerability in Progress Telerik Report Server
  • Date Published: 2024-05-29
  • CVE-ID and CVSS Score: CVE-2024-4358 – 9.8 (CRITICAL)
  • CWE: CWE-290 Authentication Bypass by Spoofing
  • Asset Description: Telerik Report Server is a server-based report management platform by Progress Software. This issue affects Report Server version 2024 Q1 (10.0.24.305) and earlier running on IIS.

Example Telerik Report Server login page

 

Attack Surface Management Solutions
Learn more