CVE-2024-8015

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-8015

CWE

https://cwe.mitre.org/data/definitions/470.html

In Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.924), a remote code execution attack is possible through object injection via an insecure type resolution vulnerability.

Weakness

The product uses external input with reflection to select which classes or code to use, but it does not sufficiently prevent the input from selecting improper classes or code.

Affected Software

Name	Vendor	Start Version	End Version
Telerik_report_server	Progress	*	10.2.24.924 (excluding)

Potential Mitigations

https://cwe.mitre.org/data/definitions/138.html

References

https://docs.telerik.com/report-server/knowledge-base/insecure-type-resolution-cve-2024-8015

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References