Progress Telerik Reporting
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Progress Telerik Reporting.
By the Year
In 2025 there have been 0 vulnerabilities in Progress Telerik Reporting. Last year, in 2024 Telerik Reporting had 13 security vulnerabilities published. Right now, Telerik Reporting is on track to have less security vulnerabilities in 2025 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2025 | 0 | 0.00 |
2024 | 13 | 8.07 |
2023 | 0 | 0.00 |
2022 | 0 | 0.00 |
2021 | 0 | 0.00 |
2020 | 0 | 0.00 |
2019 | 0 | 0.00 |
2018 | 0 | 0.00 |
It may take a day or so for new Telerik Reporting vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Progress Telerik Reporting Security Vulnerabilities
Telerik Reporting Privilege Escalation via Malicious RDLX File
CVE-2024-11220
- December 06, 2024
A local low-level user on the server machine with credentials to the running OAS services can create and execute a report with an rdlx file on the server system itself. Any code within the rdlx file of the report executes with SYSTEM privileges, resulting in privilege escalation.
Incorrect Execution-Assigned Permissions
In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible using object injection
CVE-2024-8048
7.8 - High
- October 09, 2024
In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible using object injection via insecure expression evaluation.
Reflection Injection
In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible through object injection
CVE-2024-8014
8.8 - High
- October 09, 2024
In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible through object injection via an insecure type resolution vulnerability.
Reflection Injection
In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924)
CVE-2024-7840
7.8 - High
- October 09, 2024
In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a command injection attack is possible through improper neutralization of hyperlink elements.
Command Injection
In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806)
CVE-2024-7294
6.5 - Medium
- October 09, 2024
In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), an HTTP DoS attack is possible on anonymous endpoints without rate limiting.
Resource Exhaustion
In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806)
CVE-2024-7293
8.8 - High
- October 09, 2024
In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a password brute forcing attack is possible through weak password requirements.
Weak Password Requirements
In Progress® Telerik® Reporting versions prior to 18.1.24.709, a code execution attack is possible through object injection
CVE-2024-6096
9.8 - Critical
- July 24, 2024
In Progress® Telerik® Reporting versions prior to 18.1.24.709, a code execution attack is possible through object injection via an insecure type resolution vulnerability.
Reflection Injection
An information disclosure vulnerability exists in Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier
CVE-2024-4357
6.5 - Medium
- May 15, 2024
An information disclosure vulnerability exists in Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, allows low-privilege attacker to read systems file via XML External Entity Processing.
XXE
In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.514)
CVE-2024-4202
8.6 - High
- May 15, 2024
In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.514), a code execution attack is possible through an insecure instantiation vulnerability.
Code Injection
In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.2.514)
CVE-2024-4200
7.8 - High
- May 15, 2024
In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.2.514), a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability.
Marshaling, Unmarshaling
In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0.24.130)
CVE-2024-1856
8.8 - High
- March 20, 2024
In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is possible by a remote threat actor through an insecure deserialization vulnerability.
Marshaling, Unmarshaling
In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0.24.130)
CVE-2024-1801
7.8 - High
- March 20, 2024
In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability.
Marshaling, Unmarshaling
In Telerik Reporting versions prior to 2024 R1
CVE-2024-0832
7.8 - High
- January 31, 2024
In Telerik Reporting versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the applications installer component. In an environment where an existing Telerik Reporting install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Progress Telerik Reporting or by Progress? Click the Watch button to subscribe.