Create encryption-weakness-cve-2024-7295.md (#216) · telerik/report-server-docs@32143a2 · GitHub

Commit 32143a2

Create encryption-weakness-cve-2024-7295.md (#216)
1 parent 44a2c31 commit 32143a2

1 file changed: 46 additions & 0 deletions
@@ -0,0 +1,46 @@
1+
---
2+
title: Encryption Weakness (7295)
3+
description: "How to mitigate CVE-2024-7295, an encryption weakness vulnerability."
4+
slug: encryption-weakness-cve-2024-7295
5+
res_type: kb
6+
---
7+
8+
## Description
9+
10+
Product Alert - November 2024 - [CVE-2024-7295](https://www.cve.org/CVERecord?id=CVE-2024-7295)
11+
12+
- Telerik Report Server 2024 Q3 (10.2.24.924) or earlier.
13+
14+
## Issue
15+
16+
CWE-798 Use of Hard-coded Credentials
17+
18+
### What Are the Impacts
19+
20+
In Progress® Telerik® Report Server versions prior to 2024 Q4 (10.3.24.1112), the encryption of local asset data used an older algorithm which may allow a sophisticated actor to decrypt this information.
21+
22+
## Solution
23+
24+
We have addressed the issue and the Progress Telerik team recommends performing an upgrade to the version listed in the table below.
25+
26+
| Current Version | Guidance |
27+
|-----------------|----------|
28+
| 2024 Q3 (10.2.24.924) or earlier | Update to 2024 Q4 (10.3.24.1112) ([update instructions](({%slug upgrade%}))) |
29+
30+
All customers who have a Telerik Report Server license can access the downloads here [Product Downloads | Your Account](https://www.telerik.com/account/downloads/product-download?product=REPSERVER).
31+
32+
## Notes
33+
34+
- You can check what version you are running by:
35+
1. Go to your Report Server web UI and log in using an account with administrator rights.
36+
1. Open the Configuration page (`~/Configuration/Index`).
37+
1. Select the About tab, the version number is displayed in the pane on the right.
38+
- If you have any questions or concerns related to this issue, open a new Technical Support case in [Your Account | Support Center](https://www.telerik.com/account/support-center/contact-us/). Technical Support is available to Telerik customers with an active support plan.
39+
40+
## External References
41+
42+
[CVE-2024-7295](https://www.cve.org/CVERecord?id=CVE-2024-7295) (HIGH)
43+
44+
**CVSS:** 7.1
45+
46+
In Progress® Telerik® Report Server versions prior to 2024 Q4 (10.3.24.1112), the encryption of local asset data used an older algorithm which may allow a sophisticated actor to decrypt this information.
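
Review bot: Under `## Issue` the only content is `CWE-798 Use of Hard-coded Credentials`, but the impact text at lines 20 and 46 describes an "older algorithm" for encrypting local asset data and never mentions a hard-coded credential or key, so the CWE and the description do not visibly agree. Add a sentence that ties the two together, or correct the CWE if it does not match. In the Solution table, `[update instructions](({%slug upgrade%}))` has doubled parentheses around the slug tag and will likely not resolve as a link; it should probably be `({%slug upgrade%})`. The bullet under `## Description` lists `2024 Q3 (10.2.24.924) or earlier` with no lead-in saying these are the affected versions. The Solution also does not say whether asset data already encrypted by an affected version is re-encrypted on upgrade or needs a follow-up step; worth stating either way. `**CVSS:** 7.1` would be more useful with its vector string next to it.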
