ГлавнаяУязвимости → CVE-2024-4358
9.8критическая

CVE-2024-4358

→ есть в БДУ: BDU:2024-04405 (на русском)
Описание (на английском; русское — в БДУ выше)

In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability.

Затрагиваемое ПО
Telerik Report server 2024
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://docs.telerik.com/report-server/knowledge-base/registration-auth-bypass-cve-2024-4358https://docs.telerik.com/report-server/knowledge-base/registration-auth-bypass-cve-2024-4358https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-4358