CVE-2024-6097 Progress — Exploit & Vulnerability Details MEDIUM

CVE-2024-6097

MEDIUM CVSS 3.1: 5.3 EPSS 0.07%

Parameter	Value
CVSS	5.3 (MEDIUM)
Affected Versions	before 19.0.25.211
Fixed In	19.0.25.211
Type	CWE-22 (Path Traversal), CWE-36
Vendor	Progress
Public PoC	No

In Progress® Telerik® Reporting versions prior to 2025 Q1 (19.0.25.211), information disclosure is possible by a local threat actor through an absolute path vulnerability.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

Low

Easy to exploit

Privileges Required

None

No privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

Low

Partial data leak

Integrity

None

No data modification

Availability

None

No disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-22 Path Traversal

CWE-36

Vulnerable Products 1

Configuration	From (including)	Up to (excluding)
Progress Telerik_Reporting cpe:2.3:a:progress:telerik_reporting::::::::	—	`19.0.25.211`

References 1

https://docs.telerik.com/reporting/knowledge-base/kb-security-absolute-path-tra…

security@progress.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-3692

Progress

8.7

CVE-2026-2878

Progress

5.9

CVE-2025-11235

Progress

7.5

CVE-2025-10703

Progress

8.6

CVE-2025-10702

Progress

8.6

Menu

CVE-2024-6097

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

Vulnerable Products 1

References 1

Related Vulnerabilities

CVE-2026-3692

CVE-2026-2878

CVE-2025-11235

CVE-2025-10703

CVE-2025-10702

CVE Details

Editor's Choice

Menu

CVE-2024-6097

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

Vulnerable Products 1

References 1

Related Vulnerabilities

CVE-2026-3692

CVE-2026-2878

CVE-2025-11235

CVE-2025-10703

CVE-2025-10702

CVE Details

Editor's Choice

Stay informed on cybersecurity