本页列出影响 progress telerik_reporting 的已公开 CVE 漏洞(通过 NVD CPE 关联)。每行包含严重程度评分、摘要与发布日期,便于识别与分析安全问题。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2024-6097 | In Progress® Telerik® Reporting versions prior to 2025 Q1 (19.0.25.211), information disclosure is possible by a local threat actor through an absolute path vulnerability. | [email protected] | 5.3 | 0.47% | 2025-02-12 | 2026-06-17 |
| CVE-2024-8048 | In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible using object injection via insecure expression evaluation. | [email protected] | 7.8 | 0.22% | 2024-10-09 | 2026-06-17 |
| CVE-2024-8014 | In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible through object injection via an insecure type resolution vulnerability. | [email protected] | 8.8 | 0.60% | 2024-10-09 | 2026-06-17 |
| CVE-2024-7840 | In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a command injection attack is possible through improper neutralization of hyperlink elements. | [email protected] | 7.8 | 0.66% | 2024-10-09 | 2026-06-17 |
| CVE-2024-7294 | In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), an HTTP DoS attack is possible on anonymous endpoints without rate limiting. | [email protected] | 7.5 | 0.30% | 2024-10-09 | 2026-06-17 |
| CVE-2024-7293 | In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a password brute forcing attack is possible through weak password requirements. | [email protected] | 7.5 | 0.31% | 2024-10-09 | 2026-06-17 |
| CVE-2024-6096 | In Progress® Telerik® Reporting versions prior to 18.1.24.709, a code execution attack is possible through object injection via an insecure type resolution vulnerability. | [email protected] | 8.8 | 0.86% | 2024-07-24 | 2026-06-17 |
| CVE-2024-4357 | An information disclosure vulnerability exists in Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, allows low-privilege attacker to read systems file via XML External Entity Processing. | [email protected] | 6.5 | 0.70% | 2024-05-15 | 2026-06-17 |
| CVE-2024-4202 | In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.514), a code execution attack is possible through an insecure instantiation vulnerability. | [email protected] | 7.7 | 0.27% | 2024-05-15 | 2026-06-17 |
| CVE-2024-4200 | In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.2.514), a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability. | [email protected] | 7.7 | 0.29% | 2024-05-15 | 2026-06-17 |
| CVE-2024-1856 | In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is possible by a remote threat actor through an insecure deserialization vulnerability. | [email protected] | 8.5 | 1.13% | 2024-03-20 | 2026-06-17 |
| CVE-2024-1801 | In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability. | [email protected] | 7.7 | 0.42% | 2024-03-20 | 2026-06-17 |
| CVE-2024-0832 | In Telerik Reporting versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the applications installer component. In an environment where an existing Telerik Reporting install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system. | [email protected] | 7.8 | 0.19% | 2024-01-31 | 2026-06-17 |
| CVE-2017-9140 | Cross-site scripting (XSS) vulnerability in Telerik.ReportViewer.WebForms.dll in Telerik Reporting for ASP.NET WebForms Report Viewer control before R1 2017 SP2 (11.0.17.406) allows remote attackers to inject arbitrary web script or HTML via the bgColor parameter to Telerik.ReportViewer.axd. | [email protected] | 6.1 | 9.64% | 2017-05-22 | 2026-06-16 |