Description

In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible using object injection via insecure expression evaluation.

PUBLISHED Reserved 2024-08-21 | Published 2024-10-09 | Updated 2025-11-03 | Assigner ProgressSoftware




HIGH: 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Problem types

CWE-470 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Product status

Default status: unaffected

18.2.24.806 (custom) before 18.2.24.924: affected

Credits

Markus Wulftange with CODE WHITE GmbH (finder)

References

security.netapp.com/advisory/ntap-20250425-0004/

docs.telerik.com/...cure-expression-evaluation-cve-2024-8048

cve.org (CVE-2024-8048)

nvd.nist.gov (CVE-2024-8048)