CVE-2024-8014

HIGH

Telerik Reporting <2024 Q3 - Code Injection

Title source: llm

Description

In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible through object injection via an insecure type resolution vulnerability.

References (2)

[Vendor Advisory] https://docs.telerik.com/reporting/knowledge-base/insecure-type-resolution-cve-2024-8014

[Vendor Advisory] https://security.netapp.com/advisory/ntap-20250425-0004/

Scores

CVSS v3 8.8

EPSS 0.0074

EPSS Percentile 72.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-470

Status published

Affected Products (1)

progress/telerik_reporting < 18.2.24.924

Timeline

Published Oct 09, 2024

Tracked Since Feb 18, 2026