Advisory

June 7, 2024: Authentication Bypass Vulnerability in Progress Telerik Report Server Could Lead to Unauthorized Access of Internal Report Data

  • Issue Name and Description: Authentication Bypass vulnerability in Progress Telerik Report Server
  • Date Published: 2024-05-29
  • CVE-ID and CVSS Score: CVE-2024-4358 – 9.8 (CRITICAL)
  • CWE: CWE-290 Authentication Bypass by Spoofing
  • Asset Description: Telerik Report Server is a server-based report management platform by Progress Software. This issue affects Report Server version 2024 Q1 (10.0.24.305) and earlier running on IIS.

Example Telerik Report Server login page

 
