Advisory

June 7, 2024: Authentication Bypass Vulnerability in Progress Telerik Report Server Could Lead to Unauthorized Access of Internal Report Data

  • Issue Name and Description: Authentication Bypass vulnerability in Progress Telerik Report Server
  • Date Published: 2024-05-29
  • CVE-ID and CVSS Score: CVE-2024-4358 – 9.8 (CRITICAL)
  • CWE: CWE-290 Authentication Bypass by Spoofing
  • Asset Description: Telerik Report Server is a server-based report management platform by Progress Software. This issue affects Report Server version 2024 Q1 (10.0.24.305) and earlier running on IIS.

[Image: Example Telerik Report Server login page]

 
