Vulnerability against Cross Domain Policy - A code scan detects a vulnerability on Clarity on-premise servers regarding permissive crossdomain.xml policies, which results in a high alert on the Flash cross-domain policy.
Release: All Supported Clarity Versions
Component: PPMSEC
Security Scan
The document explains how clarity uses crossdomain.xml file a
This vulnerability was fixed in version 15.3. Customers on a version below 15.3 need to update crossdomain.xml and put their domain name in place of * to deter potential malicious activity, because vulnerability scanners flag access from all domains as an intrusion risk.
Step A.
You can use the * (asterisk) character as a wildcard. domain=* allows access from any domain. Domain access can be restricted, which limits access from outside domains. For example, specify your domain:
<allow-http-request-headers-from domain="<domain_name>" headers="*" secure="false" />
<allow-access-from domain="<domain_name>" secure="false" />
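To confirm that an edited file no longer grants access to every domain, the check below parses a policy and reports each entry that still carries domain="*". It is an added example, not code from Clarity or Broadcom; the function name permissive_entries, the sample policies and the host ppm.example.com are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

# Policy elements whose "domain" attribute grants cross-domain access.
GRANTING = ("allow-access-from", "allow-http-request-headers-from")


def permissive_entries(policy_xml):
    """Return (element, domain) pairs that grant access to any domain."""
    root = ET.fromstring(policy_xml)
    findings = []
    for elem in root.iter():
        if elem.tag in GRANTING:
            domain = elem.get("domain", "").strip()
            # A bare "*" matches every domain; this is what scanners flag.
            if domain == "*":
                findings.append((elem.tag, domain))
    return findings


# Constructed sample: the permissive form that triggers the scanner alert.
PERMISSIVE = """<cross-domain-policy>
  <allow-http-request-headers-from domain="*" headers="*" secure="false" />
  <allow-access-from domain="*" secure="false" />
</cross-domain-policy>"""

# Constructed sample: the same policy restricted to one (hypothetical) host.
RESTRICTED = """<cross-domain-policy>
  <allow-http-request-headers-from domain="ppm.example.com" headers="*" secure="false" />
  <allow-access-from domain="ppm.example.com" secure="false" />
</cross-domain-policy>"""


if __name__ == "__main__":
    # Usage: pass the path of every crossdomain.xml file to check.
    status = 0
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            hits = permissive_entries(fh.read())
        for tag, domain in hits:
            print(f"{path}: <{tag}> domain={domain!r} allows any domain")
        status |= bool(hits)
    sys.exit(status)  # non-zero when any file is still permissive
```

Run it against each crossdomain.xml after editing; an exit status of 0 means no wildcard domain entries remain.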
There are 4 crossdomain.xml files that need to be updated: