In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability.
Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
---|---|---|---|---|---|
CVE-2024-4358 | Progress Telerik Report Server Authentication Bypass by Spoofing Vulnerability | exploitation_technique | T1190 | Exploit Public-Facing Application | Comments: CVE-2024-4358 is an authentication bypass vulnerability. This has been seen to be chained with CVE-2024-1800 in order to achieve remote code execution. |