CVE-2024-4202 - OpenCVE

In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.514), a code execution attack is possible through an insecure instantiation vulnerability.

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

No data.

No data.

References

Link	Resource
https://docs.telerik.com/reporting/knowledge-base/instantiation-vulnerability-cve-2024-4202

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: ProgressSoftware

Published: 2024-05-15T16:53:30.262Z

Updated: 2024-06-06T19:47:25.365Z

Reserved: 2024-04-25T17:02:21.125Z

Link: CVE-2024-4202

JSON object: View

NVD Information

Status : Awaiting Analysis

Published: 2024-05-15T17:15:15.583

Modified: 2024-05-15T18:35:11.453

Link: CVE-2024-4202

JSON object: View

Redhat Information

No data.

CWE

CWE-94

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-4202", "assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05", "state": "PUBLISHED", "assignerShortName": "ProgressSoftware", "dateReserved": "2024-04-25T17:02:21.125Z", "datePublished": "2024-05-15T16:53:30.262Z", "dateUpdated": "2024-06-06T19:47:25.365Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Windows", "Linux"], "product": "Telerik Reporting", "vendor": "Progress Software Corporation", "versions": [{"lessThan": "18.1.24.2.514", "status": "affected", "version": "1.0.0.0", "versionType": "semver"}]}], "datePublic": "2024-05-15T14:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "In Progress\u00ae Telerik\u00ae Reporting versions prior to 2024 Q2 (18.1.24.514), a code execution attack is possible through an insecure instantiation vulnerability."}], "value": "In Progress\u00ae Telerik\u00ae Reporting versions prior to 2024 Q2 (18.1.24.514), a code execution attack is possible through an insecure instantiation vulnerability."}], "impacts": [{"capecId": "CAPEC-242", "descriptions": [{"lang": "en", "value": "CAPEC-242 Code Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05", "shortName": "ProgressSoftware", "dateUpdated": "2024-05-15T16:53:30.262Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://docs.telerik.com/reporting/knowledge-base/instantiation-vulnerability-cve-2024-4202"}], "source": {"discovery": "UNKNOWN"}, "title": "Progress Telerik Reporting Local Instantiation Vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "progress", "product": "telerik_reporting", "cpes": ["cpe:2.3:a:progress:telerik_reporting:1.0.0.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.0.0.0", "status": "affected", "lessThan": "18.1.24.2.514", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-05-15T17:36:34.450718Z", "id": "CVE-2024-4202", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-06T19:47:25.365Z"}}]}}