Javelin Vulnerability: Telerik UI
search cancel

Javelin Vulnerability: Telerik UI

book

Article ID: 389803

calendar_today

Updated On: 03-04-2025

Products

CA Test Data Manager (Data Finder / Grid Tools)

Issue/Introduction

U9ZSOCKNWDWV001 Telerik UI for WPF < 2024.3.924 Multiple Vulnerabilities Upgrade to Telerik UI for WPF version 2024.3.924 or later. Path              : C:\Grid-Tools\GTEDI\Telerik.Windows.Controls.dll
  Installed version : 2014.1.224.45
  Fixed version     : 2024.3.924



  Path              : C:\Program Files\Grid-Tools\Javelin\Telerik.Windows.Controls.dll
  Installed version : 2014.1.224.45
  Fixed version     : 2024.3.924
Development CVE-2024-7575
CVE-2024-7576
CVE-2024-8316

 

Environment

All supported Javelin releases.

Cause

Vulnerability only with the Javelin UI.

Resolution

We don't own the license for the latest versions of the 3rd party component with the vulnerability (Telerik diagram) - the version used by Javelin is more than 10 years old.

We can either replace the component with some alternative (which would take months, even a year or more) or renew the licence (and this could also take some time anyway to make Javelin compatible with the latest version).

NOTE: only Javelin.exe (the UI) and not JavelinExecutor.exe (command line used by Portal) is affected.

There is nothing we can do about this vulnerability with Javelin UI at this time.