PT-2024-38244 · Telerik · Telerik Report Server
Published: 2024-11-13 · Updated: 2024-11-18 · CVE-2024-7295
CVSS v3.1: 7.1 (High)
Vector: AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Progress Telerik Report Server versions prior to 2024 Q4 (10.3.24.1112)
Description
The encryption of local asset data used an older algorithm which may allow a sophisticated actor to decrypt this information.
Recommendations
For versions prior to 2024 Q4 (10.3.24.1112), update to version 2024 Q4 (10.3.24.1112) or later to resolve the issue.
As a temporary workaround, consider restricting access to local asset data until a patch is available.
Fix
Using Hardcoded Credentials
Affected Products
Telerik Report Server