Insecure Deserialization Vulnerability in Progress Telerik UI for WPF
CVE-2024-8316

7.8 HIGH

Key Information:

Vendor: Telerik
CVE Published: 25 September 2024

What is CVE-2024-8316?

Progress Telerik UI for WPF contains an insecure deserialization vulnerability that allows code execution. Versions released before 2024 Q3 (2024.3.924) are affected. In applications that use this control library, the flaw enables unauthorized code execution that compromises the integrity and confidentiality of the system. Developers and organizations relying on this product need to apply updates and mitigations to protect their applications from exploitation.

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published
