Security Alert for Telerik User Interface for Pegboard.
We have been informed by Progress Telerik
who provides the user interface components for the Pegboard application that a security vulnerability (CVE-2017-9248) exists in all versions of Telerik.Web.UI.dll assembly and Pegboard CMS application prior to version 6.5.1911.5053. To check your version of Pegboard CMS log into the console and navigate to the help menu and select the about page option.
We have investigated and addressed the issue and strongly recommend you follow one of the steps below to ensure the safety and security of your Pegboard CMS application. As we consider this vulnerability critical, we urge you to take one of the following actions as soon as possible.
- Direct Clients on active maintenance will be contacted by Pegboard Support to update your site over the course of the next month. If you do not hear from Pegboard support please contact us at firstname.lastname@example.org
- Direct Client without maintenance please purchase a minor upgrade and contact email@example.com to arrange a time to update the Pegboard application. Click here for the purchase the minor upgrade.
- Developers with maintenance use the Pegboard Manager application to download and promote the security patch provided in Pegboard version 6.5.1911.5053 or later.
You can find more details in the Cryptographic Weakness KB article found here: http://www.telerik.com/support/kb/aspnet-ajax/details/cryptographic-weakness