| title | description | slug | res_type |
|---|---|---|---|
Encryption Weakness (7295) |
How to mitigate CVE-2024-7295, an encryption weakness vulnerability. |
encryption-weakness-cve-2024-7295 |
kb |
Product Alert - November 2024 - CVE-2024-7295
- Telerik Report Server 2024 Q3 (10.2.24.924) or earlier.
CWE-798 Use of Hard-coded Credentials
In Progress® Telerik® Report Server versions prior to 2024 Q4 (10.3.24.1112), the encryption of local asset data used an older algorithm which may allow a sophisticated actor to decrypt this information.
We have addressed the issue and the Progress Telerik team recommends performing an upgrade to the version listed in the table below.
| Current Version | Guidance |
|---|---|
| 2024 Q3 (10.2.24.924) or earlier | Update to 2024 Q4 (10.3.24.1112) ([update instructions](({%slug upgrade%}))) |
All customers who have a Telerik Report Server license can access the downloads here Product Downloads | Your Account.
- You can check what version you are running by:
- Go to your Report Server web UI and log in using an account with administrator rights.
- Open the Configuration page (
~/Configuration/Index). - Select the About tab, the version number is displayed in the pane on the right.
- If you have any questions or concerns related to this issue, open a new Technical Support case in Your Account | Support Center. Technical Support is available to Telerik customers with an active support plan.
CVE-2024-7295 (HIGH)
CVSS: 7.1
In Progress® Telerik® Report Server versions prior to 2024 Q4 (10.3.24.1112), the encryption of local asset data used an older algorithm which may allow a sophisticated actor to decrypt this information.