CVE-2024-7840

In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a command injection attack is possible through improper neutralization of hyperlink elements.
Configurations

Configuration 1 (hide)

cpe:2.3:a:progress:telerik_reporting:*:*:*:*:*:*:*:*

History

15 Oct 2024, 14:52

Type Values Removed Values Added
First Time Progress
Progress telerik Reporting
References () https://docs.telerik.com/reporting/knowledge-base/command-injection-cve-2024-7840 - () https://docs.telerik.com/reporting/knowledge-base/command-injection-cve-2024-7840 - Vendor Advisory
CPE cpe:2.3:a:progress:telerik_reporting:*:*:*:*:*:*:*:*

10 Oct 2024, 15:15

Type Values Removed Values Added
Summary (en) In Progress Telerik Reporting versions prior to 2024 Q3 (2024.3.924), a command injection attack is possible through improper neutralization of hyperlink elements. (en) In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a command injection attack is possible through improper neutralization of hyperlink elements.

10 Oct 2024, 12:51

Type Values Removed Values Added
Summary
  • (es) En las versiones de informes de Telerik anteriores al tercer trimestre de 2024 (2024.3.924), es posible un ataque de inyección de comandos a través de la neutralización incorrecta de elementos de hipervínculo.

09 Oct 2024, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-09 15:15

Updated : 2024-10-15 14:52


NVD link : CVE-2024-7840

Mitre link : CVE-2024-7840

CVE.ORG link : CVE-2024-7840


JSON object : View

Products Affected

progress

  • telerik_reporting
CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')