Skip to content
New Ebook: Get your copy of the Unleash the Power of Censys Search Handbook today! | Download Now
Advisory

June 7, 2024: Authentication Bypass Vulnerability in Progress Telerik Report Server Could Lead to Unauthorized Access of Internal Report Data

  • Issue Name and Description: Authentication Bypass vulnerability in Progress Telerik Report Server
  • Date Published: 2024-05-29
  • CVE-ID and CVSS Score: CVE-2024-4358 – 9.8 (CRITICAL)
  • CWE: CWE-290 Authentication Bypass by Spoofing
  • Asset Description: Telerik Report Server is a server-based report management platform by Progress Software. This issue affects Report Server version 2024 Q1 (10.0.24.305) and earlier running on IIS.

Example Telerik Report Server login page

 

Attack Surface Management Solutions
Learn more