The recently found vulnerability in the Telerik JS library was exploited and many iMIS instances were compromised. If your iMIS instance is not on the most recent SP V, then your iMIS instance needs to be patched to prevent this vulnerability from impacting your environment. Here is some information regarding the patch that needs to be applied:

This patch cannot be applied to early adopter versions of iMIS, or the default iMIS 2017 release. If you are on iMIS 2017 you will need to have a service pack applied before the patch can be used.

There are different versions of the patch for different versions of iMIS. If you are using iMIS 20.1 you must use the version of the patch for your instance.

There are patches for the following versions:

  • 1.1 to 20.1.19
  • 2.1 to 20.2.26
  • 2.49
  • iMIS 2017 SP A to SP U

However, there are potential Issues to watch out for:

If you are patching the iMIS instance on some versions, you will get a JS script error on the home page of the iMIS Desktop client. You can work around this by removing the charts in the staff site and republishing the home page of the desktop client. There may also be some changes with the UI in the staff site after the patch but these are purely cosmetic changes with colors and themes.

This patch also requires and older security patch to also be applied first to iMIS versions 15.2 to 20.2.49

Applying the patch:

Instructions on applying the patch are inside the readme file and are different for each version of the path. Generally, you just have to move the .exe file to the iMIS Net and/or ASI Scheduler directory and run the patch.

If possible it is best to upgrade to SP V or newer, but if this is not possible the patch is essential to your iMIS security.

At E-Tech, we are iMIS experts with over 20 years of experience. We share our expertise with users who are having any issues with iMIS through our contact at contact@etechcomputing.com. Please reach out for more information.