SOI Mobile GUI vulnerability: Error Handling


Article ID: 129671




CA Service Operations Insight (SOI)


A security test executed before publishing the SOI mobile GUI on the internet detected this vulnerability:

- Error Handling


This is the effect of the vulnerability as reported in the related document:

By inserting unexpected values into the parameters (for example, by entering a non-numeric value in size), the application includes the exception detail in the response.
It is necessary to capture all the exceptions generated and handle the error showing generic information as an answer.
Extend the countermeasure to the entire perimeter of the application.


SOI 4.2


A new mobile.war file is available from support.

To apply it, perform the following steps:

1. Stop the SamUI server

2. Take a backup of C:\Program Files (x86)\CA\SOI\SamUI\webapps\mobile.war to some other directory

3. Delete the folder C:\Program Files (x86)\CA\SOI\SamUI\webapps\mobile

4. Copy the new war to C:\Program Files (x86)\CA\SOI\SamUI\webapps\

5. Start the SamUI server and retest.
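For the retest in step 5, one way to check whether a response body still carries exception detail is to scan it for Java stack-trace markers. This is an added example, not part of the original article or of the SOI product; the sample bodies and the `com.example.mobile` class names are constructed for illustration.

```python
import html
import re

# Markers of Java exception detail in an HTTP response body.
LEAK_PATTERNS = {
    "stack_frame": re.compile(r"^\s*at\s+[\w$.]+\.[\w$<>]+\([^)]*\)", re.M),
    "exception_class": re.compile(
        r"\b(?:[a-z_][\w$]*\.)+[A-Z][\w$]*(?:Exception|Error)\b"),
    "caused_by": re.compile(r"^\s*Caused by:", re.M),
}


def find_exception_detail(body):
    """Return the sorted names of the leak markers found in a response body."""
    text = html.unescape(body)  # an error page may HTML-escape the trace
    return sorted(n for n, rx in LEAK_PATTERNS.items() if rx.search(text))


def failing_responses(responses):
    """Map each response name that still leaks detail to its markers."""
    result = {}
    for name, body in responses.items():
        hits = find_exception_detail(body)
        if hits:
            result[name] = hits
    return result


# Constructed sample bodies: what a non-numeric "size" value might return
# before the fix, an HTML-escaped constructor frame, and a generic message.
SAMPLES = {
    "before_fix": (
        "java.lang.NumberFormatException: For input string: &quot;abc&quot;\n"
        "\tat java.lang.Integer.parseInt(Integer.java:580)\n"
        "\tat com.example.mobile.ListServlet.doGet(ListServlet.java:42)\n"
    ),
    "escaped_frame": "at com.example.mobile.Pager.&lt;init&gt;(Pager.java:17)",
    "after_fix": "An internal error occurred. Please contact your administrator.",
}

if __name__ == "__main__":
    for name, hits in failing_responses(SAMPLES).items():
        print(f"FAIL {name}: exception detail in response ({', '.join(hits)})")
```

Feed it the bodies captured during the retest; an empty result from `failing_responses` means none of the checked responses exposed exception detail.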

Additional Information

The new mobile.war can be requested through a support case.