CVE-2024-8014

In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible through object injection via an insecure type resolution vulnerability.
Configurations

Configuration 1 (hide)

cpe:2.3:a:progress:telerik_reporting:*:*:*:*:*:*:*:*

History

15 Oct 2024, 14:54

Type Values Removed Values Added
CPE cpe:2.3:a:progress:telerik_reporting:*:*:*:*:*:*:*:*
References () https://docs.telerik.com/reporting/knowledge-base/insecure-type-resolution-cve-2024-8014 - () https://docs.telerik.com/reporting/knowledge-base/insecure-type-resolution-cve-2024-8014 - Vendor Advisory
First Time Progress
Progress telerik Reporting

10 Oct 2024, 12:51

Type Values Removed Values Added
Summary
  • (es) En las versiones de informes de Telerik anteriores al tercer trimestre de 2024 (18.2.24.924), es posible un ataque de ejecución de código a través de la inyección de objetos mediante una vulnerabilidad de resolución de tipos insegura.

09 Oct 2024, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-09 15:15

Updated : 2024-10-15 14:54


NVD link : CVE-2024-8014

Mitre link : CVE-2024-8014

CVE.ORG link : CVE-2024-8014


JSON object : View

Products Affected

progress

  • telerik_reporting
CWE
CWE-470

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')