A security test executed before publishing the SOI mobile GUI on the internet detected this vulnerability:
- Error Handling
This is the effect of the vulnerability as reported in the related document:
By inserting unexpected values into the parameters (for example, by entering a non-numeric value in the size parameter), the application includes the exception detail in the response.
It is necessary to catch all exceptions generated and handle the error by returning generic information as the response.
Extend the countermeasure to the entire perimeter of the application.
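As an added example (not code from the CA SOI mobile.war), the countermeasure described above can be implemented in a Java web application as a servlet filter mapped to the whole application, so that any exception escaping a request handler is logged server-side and the client only receives a generic message. Class, logger and message text are assumptions.

```java
// Added example, not CA's mobile.war code: catches every exception that
// escapes the application and replies with a generic message, keeping the
// stack trace and exception detail out of the HTTP response.
import java.io.IOException;
import java.util.UUID;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

// Map this filter to "/*" in web.xml so it covers the entire perimeter:
//   <filter><filter-name>genericError</filter-name>
//           <filter-class>GenericErrorFilter</filter-class></filter>
//   <filter-mapping><filter-name>genericError</filter-name>
//                   <url-pattern>/*</url-pattern></filter-mapping>
public class GenericErrorFilter implements Filter {
    private static final Logger LOG = Logger.getLogger(GenericErrorFilter.class.getName());

    @Override
    public void init(FilterConfig config) {}

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        try {
            chain.doFilter(req, res);
        } catch (Exception e) {
            // e.g. NumberFormatException from a non-numeric "size" parameter:
            // the detail stays in the server log, tagged with an id that the
            // user can quote to support; the client sees only the generic text.
            String incidentId = UUID.randomUUID().toString();
            LOG.log(Level.SEVERE, "Unhandled exception, incident " + incidentId, e);
            HttpServletResponse resp = (HttpServletResponse) res;
            if (!resp.isCommitted()) {
                resp.reset(); // discard any partial body that may hold detail
                resp.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
                resp.setContentType("text/plain");
                resp.getWriter().write("An error occurred. Reference: " + incidentId);
            }
        }
    }

    @Override
    public void destroy() {}
}
```

Retest with the same malformed parameter values after deploying: the response should contain only the generic text, while the full exception appears in the server log.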
A new mobile.war file is available from support.
To apply it, do the following steps:
1. Stop the SamUI server
2. Take a backup of C:\Program Files (x86)\CA\SOI\SamUI\webapps\mobile.war to some other directory
3. Delete the folder C:\Program Files (x86)\CA\SOI\SamUI\webapps\mobile
4. Copy the new war to C:\Program Files (x86)\CA\SOI\SamUI\webapps\
5. Start the SamUI server and retest.
The new mobile.war can be requested through a support case.