IBM patches critical flaw in Administration Runtime Expert for i
Take action: If you are using Administration Runtime Expert for i, isolate the system so that it is accessible only from trusted networks. Then plan to patch ASAP. Don't ignore the patch, because someone will make a mistake and expose the vulnerable Administration Runtime Expert system to attacks.
IBM has issued a security alert regarding a critical vulnerability in the IBM Administration Runtime Expert for i. The flaw stems from the product's use of the Dojo toolkit. The vulnerability is tracked as CVE-2021-23450 (CVSS score 9.8) and is caused by a prototype pollution issue in Dojo's setObject function, which could allow a remote attacker to execute arbitrary code on the system by sending a specially crafted request.
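To show what prototype pollution in a dotted-path setter looks like, here is an added example that is not Dojo's or IBM's code. `setPathUnsafe`, `setPathSafe`, `demo` and the `isAdmin` property are hypothetical names, and the input path is constructed.

```javascript
// Added illustration: simplified dotted-path setter, NOT Dojo's source.
const BLOCKED = new Set(["__proto__", "constructor", "prototype"]);

// Unsafe: walks every path segment without checking it.
function setPathUnsafe(root, path, value) {
  const parts = path.split(".");
  const last = parts.pop();
  let obj = root;
  for (const p of parts) {
    if (obj[p] === undefined || obj[p] === null) obj[p] = {};
    obj = obj[p];
  }
  obj[last] = value;
  return root;
}

// Hardened: reject prototype-reaching segments, descend own properties only.
function setPathSafe(root, path, value) {
  const parts = path.split(".");
  if (parts.some((p) => BLOCKED.has(p))) {
    throw new RangeError("refusing path segment that reaches a prototype: " + path);
  }
  const last = parts.pop();
  let obj = root;
  for (const p of parts) {
    const own = Object.prototype.hasOwnProperty.call(obj, p);
    if (!own || typeof obj[p] !== "object" || obj[p] === null) obj[p] = {};
    obj = obj[p];
  }
  obj[last] = value;
  return root;
}

// Constructed demo: reports what an unrelated fresh object sees afterwards.
function demo(setter) {
  let rejected = false;
  try {
    setter({}, "__proto__.isAdmin", true); // constructed path, first segment is the prototype
  } catch (e) {
    rejected = e instanceof RangeError;
  }
  const leaked = ({}).isAdmin === true; // did Object.prototype change?
  delete Object.prototype.isAdmin;      // clean up after the demo
  return { rejected, leaked };
}

console.log(demo(setPathUnsafe)); // { rejected: false, leaked: true }
console.log(demo(setPathSafe));   // { rejected: true, leaked: false }
```

The unsafe setter changes `Object.prototype`, so every object in the process inherits the injected property. That global reach is why this bug class can escalate beyond a single request.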
The affected versions of IBM Administration Runtime Expert for i are:
- Version 7.5
- Version 7.4
- Version 7.3
- Version 7.2
IBM recommends that all users of the affected versions apply a specific Program Temporary Fix (PTF).
There are no workarounds or mitigations for this issue. IBM stresses the importance of applying the PTF to secure systems effectively. Users operating unsupported versions of the product are urged to upgrade to supported and secured versions to safeguard against potential exploits of this vulnerability.