Clickjacking Vulnerability in Service Desk Manager

Article ID: 133980

Products

CA Service Management - Service Desk Manager, CA Service Desk Manager

Issue/Introduction

If a vulnerability scan reports that Service Desk Manager is vulnerable to clickjacking, follow the instructions in this KB article to remedy the vulnerability.

Environment

Release: 17.x

Component: SERVICE DESK MANAGER

Resolution

To remedy the clickjacking vulnerability:

  1. Open the NX_ROOT\NX.env file.
  2. Add the variable '@NX_X_FRAME_OPTIONS=Yes'.
  3. Recycle the services for the changes to take effect.

Repeat these steps with the NX_ROOT\pdmconf\NX.env_nt.tpl file so that the changes persist through upgrades.

Alternatively, you may run the following commands in a Command Prompt:

pdm_options_mgr -c -s X_FRAME_OPTIONS -v "Yes" -a pdm_option.inst

This command updates the NX.env file.

pdm_options_mgr -c -s X_FRAME_OPTIONS -v "Yes" -a pdm_option.inst -t

This command updates the NX.env_nt.tpl file.

Additional Information

When the NX_X_FRAME_OPTIONS variable is set to Yes, HTTP responses from the Service Desk Manager server include the HTTP header 'X-Frame-Options', set to the value 'SameOrigin'.

A browser that receives content with this header will not display it in a frame on any page whose origin differs from that of the content itself.
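
To confirm the setting took effect after the services are recycled, the response headers can be checked for the value described above. The following Python script is an added example, not part of the original article or the product; the URL passed on the command line is assumed to be your own Service Desk Manager server, and the two sample header lists are constructed.

```python
import sys
import urllib.error
import urllib.request

EXPECTED = "SAMEORIGIN"  # value the article says SDM sends once NX_X_FRAME_OPTIONS=Yes

# Constructed sample header lists (not captured from a real server).
SAMPLE_BEFORE = [("Content-Type", "text/html")]
SAMPLE_AFTER = [("Content-Type", "text/html"), ("X-Frame-Options", "SameOrigin")]


def check_x_frame_options(headers):
    """Return (ok, detail) for a list of (name, value) response headers."""
    # Header names and the directive are case-insensitive; repeated headers
    # may arrive as separate entries or merged into one comma-separated value.
    values = [tok.strip().upper()
              for name, value in headers if name.strip().lower() == "x-frame-options"
              for tok in value.split(",") if tok.strip()]
    if not values:
        return False, "X-Frame-Options header missing"
    wrong = sorted({v for v in values if v != EXPECTED})
    if wrong:
        return False, "unexpected value(s): " + ", ".join(wrong)
    return True, "X-Frame-Options: " + EXPECTED


def fetch_headers(url, timeout=10):
    """GET the URL and return its response headers, including on HTTP errors."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return list(resp.headers.items())
    except urllib.error.HTTPError as err:  # 4xx/5xx responses still carry headers
        return list(err.headers.items())


if __name__ == "__main__":
    if len(sys.argv) > 1:  # URL of your own SDM server (assumption: reachable from here)
        ok, detail = check_x_frame_options(fetch_headers(sys.argv[1]))
        print(("PASS" if ok else "FAIL") + ": " + detail)
        sys.exit(0 if ok else 1)
    for label, sample in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(label, check_x_frame_options(sample))
```

Run it with the server URL as the only argument; the exit code is 0 when the header is present with the expected value and 1 otherwise, so it can be used in a post-change or post-upgrade check.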

What is Clickjacking?

Clickjacking - Wikipedia