nvd-json-data-feeds/CVE-2024/CVE-2024-72xx/CVE-2024-7295.json

{
  "id": "CVE-2024-7295",
  "sourceIdentifier": "security@progress.com",
  "published": "2024-11-13T16:15:20.960",
  "lastModified": "2024-11-18T17:41:49.787",
  "vulnStatus": "Analyzed",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Progress\u00ae Telerik\u00ae Report Server versions prior to 2024 Q4 (10.3.24.1112), the encryption of local asset data used an older algorithm which may allow a sophisticated actor to decrypt this information."
    },
    {
      "lang": "es",
      "value": "En las versiones de In Progress\u00ae Telerik\u00ae Report Server anteriores al cuarto trimestre de 2024 (10.3.24.1112), el cifrado de datos de activos locales utilizaba un algoritmo m\u00e1s antiguo que puede permitir que un actor sofisticado descifre esta informaci\u00f3n."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "security@progress.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "CHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE"
        },
        "exploitabilityScore": 2.5,
        "impactScore": 4.0
      },
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "baseScore": 6.2,
          "baseSeverity": "MEDIUM",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE"
        },
        "exploitabilityScore": 2.5,
        "impactScore": 3.6
      }
    ]
  },
  "weaknesses": [
    {
      "source": "security@progress.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-798"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:progress:telerik_report_server:*:*:*:*:*:*:*:*",
              "versionEndExcluding": "10.3.24.1112",
              "matchCriteriaId": "584D7CE9-ED26-49FA-A27F-B3B171A86AB0"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://docs.telerik.com/report-server/knowledge-base/encryption-weakness-cve-2024-7295",
      "source": "security@progress.com",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}