CVE-2024-4357
MEDIUM WAF: High
CVSS 6.5
Published: 2024-05-15
CWE-611
An information disclosure vulnerability in Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, allows a low-privilege attacker to read system files via XML External Entity (XXE) processing.
WAF Coverage Analysis
XML External Entity (XXE)
High WAF Coverage
OWASP: A05:2021 Security Misconfiguration
941xxx - XSS / XXE
Affected Software
| Vendor | Product | Version |
|---|---|---|
| progress | telerik_reporting | up to 10.1.24.514 |
References
- docs.telerik.com (Vendor Advisory)