U9ZSOCKNWDWV001 | Telerik UI for WPF < 2024.3.924 Multiple Vulnerabilities | Upgrade to Telerik UI for WPF version 2024.3.924 or later. | Path : C:\Grid-Tools\GTEDI\Telerik.Windows.Controls.dll Installed version : 2014.1.224.45 Fixed version : 2024.3.924 Path : C:\Program Files\Grid-Tools\Javelin\Telerik.Windows.Controls.dll Installed version : 2014.1.224.45 Fixed version : 2024.3.924 |
Development | CVE-2024-7575 CVE-2024-7576 CVE-2024-8316 |
All supported Javelin releases.
Vulnerability only with the Javelin UI.
We don't own the license for the latest versions of the 3rd party component with the vulnerability (Telerik diagram) - the version used by Javelin is more than 10 years old.
We can either replace the component with some alternative (which would take months, even a year or more) or renew the licence (and this could also take some time anyway to make Javelin compatible with the latest version).
NOTE: only Javelin.exe (the UI) and not JavelinExecutor.exe (command line used by Portal) is affected.
There is nothing we can do about this vulnerability with Javelin UI at this time.