Known Vulnerabilities
CVE-2024-6096
In Progress® Telerik® Reporting versions prior to 18.1.24.709, a code execution attack is possible through object injection via an insecure type resolution vulnerability.
HIGH
CVSS 8.8
Published Jul 24, 2024
CVE-2024-4837
In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via a trust boundary violation vulnerability.
MEDIUM
CVSS 5.3
Published May 15, 2024
CVE-2024-4202
In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.514), a code execution attack is possible through an insecure instantiation vulnerability.
HIGH
CVSS 7.7
Published May 15, 2024