In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a command injection attack is possible through improper neutralization of hyperlink elements.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Thu, 10 Oct 2024 15:15:00 +0000

Type: Description
Values Removed: In Progress Telerik Reporting versions prior to 2024 Q3 (2024.3.924), a command injection attack is possible through improper neutralization of hyperlink elements.
Values Added: In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a command injection attack is possible through improper neutralization of hyperlink elements.

Wed, 09 Oct 2024 17:15:00 +0000

Type: First Time appeared
Values Added: Progress; Progress telerik Reporting

Type: CPEs
Values Added: cpe:2.3:a:progress:telerik_reporting:*:*:*:*:*:*:*:*

Type: Vendors & Products
Values Added: Progress; Progress telerik Reporting

Type: Metrics
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 09 Oct 2024 15:00:00 +0000

Type: Description
Values Added: In Progress Telerik Reporting versions prior to 2024 Q3 (2024.3.924), a command injection attack is possible through improper neutralization of hyperlink elements.

Type: Title
Values Added: Improper neutralization special element in hyperlinks

Type: Weaknesses
Values Added: CWE-77

Type: References
Values Added:

Type: Metrics
Values Added: cvssV3_1 {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: ProgressSoftware

Published:

Updated: 2024-10-10T14:57:12.659Z

Reserved: 2024-08-15T14:49:50.454Z

Link: CVE-2024-7840

Vulnrichment

Updated: 2024-10-09T16:25:23.218Z

NVD

Status: Analyzed

Published: 2024-10-09T15:15:16.687

Modified: 2024-10-15T14:52:57.110

Link: CVE-2024-7840

Redhat

No data.

OpenCVE Enrichment

No data.