In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a credential stuffing attack is possible through improper restriction of excessive login attempts.
Metrics
Affected Vendors & Products
References
History
Wed, 16 Oct 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Progress Software
Progress Software telerik Report Server |
|
CPEs | cpe:2.3:a:progress_software:telerik_report_server:1.0.0.0:*:*:*:*:*:*:* | |
Vendors & Products |
Progress Software
Progress Software telerik Report Server |
|
Metrics |
ssvc
|
Tue, 15 Oct 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Progress
Progress telerik Report Server |
|
CPEs | cpe:2.3:a:progress:telerik_report_server:*:*:*:*:*:*:*:* | |
Vendors & Products |
Progress
Progress telerik Report Server |
Wed, 09 Oct 2024 15:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a credential stuffing attack is possible through improper restriction of excessive login attempts. | |
Title | Account Controller allows high count of login attempts | |
Weaknesses | CWE-307 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: ProgressSoftware
Published: 2024-10-09T14:47:10.831Z
Updated: 2024-10-16T15:01:22.209Z
Reserved: 2024-07-30T14:58:12.050Z
Link: CVE-2024-7292
Vulnrichment
Updated: 2024-10-09T16:09:32.066Z
NVD
Status : Analyzed
Published: 2024-10-09T15:15:15.970
Modified: 2024-10-15T14:50:16.800
Link: CVE-2024-7292
Redhat
No data.