Vulnerability against Cross Domain Policy - Code Scan detects a vulnerability on clarity on-premise servers regarding permissive crossdomain.xml policies and results in a high alert on Flash cross-domain policy. 

Security Scan 

Release: All Supported Clarity Supported Version 
Component: PPMSEC

The document explains how clarity uses crossdomain.xml file a

This vulnerability was fixed in version 15.3. If  a customer is below version 15.3 customers need to update the crossdomain.xml, and put your domain name instead of * to deter potential malicious activity as vulnerability Scanners find all domains access as an intrusion risk.

Step A.
​You can use the * (asterisk) character as a wildcard. domain=* allows access from any domain. The domain access can be restricted, which limits the access for outside domains. For example, specify your domain:

<allow-http-request-headers-from domain="<domain_name>"  headers="*" secure="false" /> 
<allow-access-from domain="<domain_name>" secure="false" />

There are 4 crossdomain.xml files that need to be updated:

• <CA PPM Install>\tomcat-nsa-deploy\ROOT\crossdomain.xml
• <CA PPM Install>\tomcat-app-deploy\ROOT\crossdomain.xml
• <CA PPM Install>\config\crossdomain.xml
• <CA PPM Install>\.setup\templates\crossdomain.xml
  
  
   

Any other external data source integration done with Clarity  needs specification of the cross domain policies. Detailed information can be found here 

Also clarity has configuration on Cross site and documented here