Wiz
Vulnerability DatabaseCVE-2024-4837

CVE-2024-4837
Telerik Report Server vulnerability analysis and mitigation

Overview

Telerik Report Server version 2024 Q1 (10.0.24.305) and earlier, running on IIS, contains a trust boundary violation vulnerability (CVE-2024-4837). This vulnerability allows an unauthenticated attacker to gain access to Telerik Report Server restricted functionality (CVE Mitre, Telerik Docs).

Technical details

The vulnerability is classified as CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) with a CVSS score of 5.3. The issue specifically affects the storage settings of the Report Server when deployed on IIS environments (Telerik Docs).

Impact

While storage settings are typically not accessible outside the Report Server environment, an attacker who gains access to these settings could potentially interfere with the Report Server's operation by corrupting the settings. If the server is misconfigured to use external options with plain text credentials, these could be exposed to unauthorized users (Telerik Docs).

Mitigation and workarounds

The only recommended mitigation is to update to Telerik Report Server version 2024 Q2 (10.1.24.514) or later. Users with an active Telerik Report Server license can access the updates through their account's Product Downloads section (Telerik Docs).

Community reactions

The vulnerability was discovered and reported by Christian Kuersteiner from Greenbone AG via BugCrowd (Telerik Docs).

Additional resources

SourceThis report was generated using AI

Related Telerik Report Server vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2024-6327CRITICAL9.8
  • Telerik Report ServerTelerik Report Server
  • cpe:2.3:a:progress:telerik_report_server
NoYesJul 24, 2024
CVE-2024-7292HIGH8.8
  • Telerik Report ServerTelerik Report Server
  • cpe:2.3:a:progress:telerik_report_server
NoYesOct 09, 2024
CVE-2024-8015HIGH7.2
  • Telerik Report ServerTelerik Report Server
  • cpe:2.3:a:progress:telerik_report_server
NoYesOct 09, 2024
CVE-2025-0556MEDIUM6.5
  • Telerik Report ServerTelerik Report Server
  • cpe:2.3:a:progress:telerik_report_server
NoYesFeb 12, 2025
CVE-2024-7295MEDIUM6.2
  • Telerik Report ServerTelerik Report Server
  • cpe:2.3:a:progress:telerik_report_server
NoYesNov 13, 2024

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo