ARM identified security vulnerabilities on ARM Forge versions prior to 22.0.x as follow:
- Security update #1: A locally exploitable code-injection vulnerability was identified in versions of MAP and Performance Reports up to and including 21.1.3
- Security update #2: A locally exploitable code-injection vulnerability was identified on Cray systems with ALPS start up (not SLURM or PALS), DDT, MAP and Performance Reports versions up to and including 21.1.3
These vulnerabilities have been fixed in version 22.0 (released on 18th March 2022). OSC have removed the old versions and installed 22.0.2 version. Please start to use 22.0.2 and check our software page for more information.