In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability.
https://www.rapid7.com/blog/post/2024/06/14/metasploit-weekly-wrap-up-06-14-2024/
https://thecyberthrone.in/2024/06/14/cisa-kev-catalog-update-part-ii-june-2024/
https://securityaffairs.com/164114/hacking/progress-telerik-report-servers-poc.html
https://thecyberthrone.in/2024/05/31/progress-telerik-fixes-cve-2024-4358/
https://docs.telerik.com/report-server/knowledge-base/registration-auth-bypass-cve-2024-4358
https://docs.telerik.com/report-server/knowledge-base/registration-auth-bypass-cve-2024-4358
https://docs.telerik.com/report-server/knowledge-base/registration-auth-bypass-cve-2024-4358