In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability.
| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CVE-2024-4358 | Progress Telerik Report Server Authentication Bypass by Spoofing Vulnerability | exploitation_technique | T1190 | Exploit Public-Facing Application |
Comments
CVE-2024-4358 is an authentication bypass vulnerability. This has been seen to be chained with CVE-2024-1800 in order to achieve remote code execution.
References
|