{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-8015", "assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05", "state": "PUBLISHED", "assignerShortName": "ProgressSoftware", "dateReserved": "2024-08-20T16:06:35.623Z", "datePublished": "2024-10-09T14:49:19.603Z", "dateUpdated": "2024-10-09T16:06:49.209Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Telerik Reporting", "vendor": "Progress Software", "versions": [{"lessThan": "10.2.24.924", "status": "affected", "version": "1.0.0.0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "In Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.924), a remote code execution attack is possible through object injection via an insecure type resolution vulnerability."}], "value": "In Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.924), a remote code execution attack is possible through object injection via an insecure type resolution vulnerability."}], "impacts": [{"capecId": "CAPEC-586", "descriptions": [{"lang": "en", "value": "CAPEC-586 Object Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-470", "description": "CWE-470 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05", "shortName": "ProgressSoftware", "dateUpdated": "2024-10-09T14:49:19.603Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://docs.telerik.com/report-server/knowledge-base/insecure-type-resolution-cve-2024-8015"}], "source": {"discovery": "UNKNOWN"}, "title": "Telerik Report Server Insecure Type Resolution", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "progress_software", "product": "telerik_reporting", "cpes": ["cpe:2.3:a:progress_software:telerik_reporting:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.0.0.0", "status": "affected", "lessThan": "10.2.24.924", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-09T16:04:21.526771Z", "id": "CVE-2024-8015", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-09T16:06:49.209Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-8015", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-09T16:04:21.526771Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:progress_software:telerik_reporting:*:*:*:*:*:*:*:*"], "vendor": "progress_software", "product": "telerik_reporting", "versions": [{"status": "affected", "version": "1.0.0.0", "lessThan": "10.2.24.924", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-09T16:06:43.005Z"}}], "cna": {"title": "Telerik Report Server Insecure Type Resolution", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-586", "descriptions": [{"lang": "en", "value": "CAPEC-586 Object Injection"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Progress Software", "product": "Telerik Reporting", "versions": [{"status": "affected", "version": "1.0.0.0", "lessThan": "10.2.24.924", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://docs.telerik.com/report-server/knowledge-base/insecure-type-resolution-cve-2024-8015", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "In Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.924), a remote code execution attack is possible through object injection via an insecure type resolution vulnerability.", "supportingMedia": [{"type": "text/html", "value": "In Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.924), a remote code execution attack is possible through object injection via an insecure type resolution vulnerability.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-470", "description": "CWE-470 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')"}]}], "providerMetadata": {"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05", "shortName": "ProgressSoftware", "dateUpdated": "2024-10-09T14:49:19.603Z"}}}, "cveMetadata": {"cveId": "CVE-2024-8015", "state": "PUBLISHED", "dateUpdated": "2024-10-09T16:06:49.209Z", "dateReserved": "2024-08-20T16:06:35.623Z", "assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05", "datePublished": "2024-10-09T14:49:19.603Z", "assignerShortName": "ProgressSoftware"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:progress:telerik_report_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "6F140E0F-FA02-42EA-9F33-928B6BE6D7B6", "versionEndExcluding": "10.2.24.924", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.924), a remote code execution attack is possible through object injection via an insecure type resolution vulnerability."}, {"lang": "es", "value": "En las versiones de Telerik Report Server anteriores al tercer trimestre de 2024 (10.2.24.924), es posible un ataque de ejecuci\u00f3n remota de c\u00f3digo mediante la inyecci\u00f3n de objetos mediante una vulnerabilidad de resoluci\u00f3n de tipos insegura."}], "id": "CVE-2024-8015", "lastModified": "2024-10-15T14:55:12.340", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "security@progress.com", "type": "Secondary"}]}, "published": "2024-10-09T15:15:17.097", "references": [{"source": "security@progress.com", "tags": ["Vendor Advisory"], "url": "https://docs.telerik.com/report-server/knowledge-base/insecure-type-resolution-cve-2024-8015"}], "sourceIdentifier": "security@progress.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-470"}], "source": "security@progress.com", "type": "Primary"}]}

{}