CVE-2024-7294 HIGH

CVE-2024-7294: Uncontrolled resource consumption of anonymous endpoints

Vendor: Progress Software Corporation
Product: Telerik Report Server
Weakness: CWE-400
Published: October 9, 2024
Last update: October 9, 2024

CVSS base score

7.5/10
Attack vector: Network
Attack complexity: High
Privileges required: None
User interaction: Required
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), an HTTP DoS attack is possible on anonymous endpoints without rate limiting.

Key dates

02 Disclosure timeline

October 9, 2024: CVE published
October 9, 2024: Record updated