This article discusses the concerns that customers had with some security flaw announcements from Telerik and how this relates to Ektron.

Cryptographic Weakness
Unrestricted file upload
Insecure direct object reference
Allows JavaScriptSerializer Deserialization

These reports are not an issue for Ektron. Please see the full breakdown below. 

According to the Telerik documentation for the issues, the product is not vulnerable. For all the issues listed, you must have the handlers defined in your web.config. In a default Ektron installation none of those handlers are enabled.

 For the first issue:
"You can test whether the handler is available by requesting the following URL under you application root: Telerik.Web.UI.DialogHandler.aspx?checkHandler=true"; this for us returns a 404.

 For the second and third issues:
A workaround is to remove the handlers or limit the handlers to GET only - Ektron installations do not have these handlers enabled at all.

For the fourth issue:
This is not an issue for Ektron as an older version is leveraged which does not include the RadAsyncUpload.