PT-2024-30601 · Progress · Telerik Report Server
Sina Kheirkhah · Published 2024-05-15 · Updated 2025-01-16 · CVE-2024-4357
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Progress Telerik Report Server versions 10.0.24.305 or earlier
Description
An information disclosure issue exists that allows a low-privilege attacker to read system files via XML External Entity (XXE) processing. The issue is related to the ValidateMetadaUri function and its XML External Entity processing.
Recommendations
For versions 10.0.24.305 or earlier, consider disabling the ValidateMetadaUri function as a temporary workaround until a patch is available. Restrict access to sensitive system files to minimize the risk of exploitation.
Fix
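The following is an added example, not Telerik code and not the vendor's fix: it shows the System.Xml reader configuration that closes off this class of XXE information disclosure in a .NET application, which is the mitigation an application parsing untrusted XML would apply. The `SafeXml` class, the sample document and the `file:///` URI inside it are constructed placeholders for illustration.

```csharp
using System;
using System.IO;
using System.Xml;

// Added example (not Telerik code): XXE-resistant XML parsing in .NET.
// Assumes only that the application parses attacker-supplied XML with System.Xml.
static class SafeXml
{
    // Constructed sample input: a DTD that declares an external entity.
    // A parser that resolves entities would read the referenced resource
    // and place its contents inside <report>. The path is a placeholder.
    public const string UntrustedDocument =
        "<?xml version=\"1.0\"?>\n" +
        "<!DOCTYPE report [<!ENTITY ext SYSTEM \"file:///placeholder/not-a-real-path\">]>\n" +
        "<report>&ext;</report>";

    public static XmlReaderSettings HardenedSettings()
    {
        return new XmlReaderSettings
        {
            // Reject any DTD outright, so no entity declarations are processed at all.
            DtdProcessing = DtdProcessing.Prohibit,
            // No resolver: no filesystem or network fetches even if a DTD were allowed.
            XmlResolver = null,
            // Bound entity expansion and document size to limit expansion-based DoS.
            MaxCharactersFromEntities = 1024,
            MaxCharactersInDocument = 1024 * 1024,
        };
    }

    // Returns true when the document was accepted, false when the parser rejected it.
    public static bool TryLoad(string xml, out XmlDocument doc, out string error)
    {
        doc = new XmlDocument { XmlResolver = null }; // XmlDocument must not resolve either
        error = null;
        try
        {
            using (var reader = XmlReader.Create(new StringReader(xml), HardenedSettings()))
            {
                doc.Load(reader);
            }
            return true;
        }
        catch (XmlException ex)
        {
            error = ex.Message;
            return false;
        }
    }

    static void Main()
    {
        // The DTD-bearing document is refused before any entity is resolved.
        if (TryLoad(UntrustedDocument, out var doc, out var error))
            Console.WriteLine("Accepted: " + doc.DocumentElement.InnerText);
        else
            Console.WriteLine("Rejected: " + error);

        // Plain XML without a DTD still parses normally.
        if (TryLoad("<report>ok</report>", out doc, out error))
            Console.WriteLine("Accepted: " + doc.DocumentElement.InnerText);
    }
}
```

The two settings that matter are `DtdProcessing.Prohibit` and a null `XmlResolver`; the size limits are defence in depth against entity-expansion denial of service. When a reader must be created without a settings object, the same properties can be set on the `XmlDocument` or `XmlTextReader` instance directly, and any code path that deserializes XML from a user-controlled URI should be reviewed for the same resolver behaviour.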
XXE
Weakness Enumeration
Related Identifiers
Affected Products
Telerik Report Server