
CLICKJACKING VULNERABILITY ON SERVICE DESK MANAGER


Article ID: 133980


Products

CA Service Management - Asset Portfolio Management

CA Service Management - Service Desk Manager

Issue/Introduction

A vulnerability scan run against the Service Desk application reported a clickjacking vulnerability.

Environment

Release: 17.0, 17.1

Component: SERVICE DESK MANAGER

Resolution

Add the '@NX_X_FRAME_OPTIONS=Yes' variable to the NX.env and .tpl files.

Recycle the services for the changes to take effect.
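To confirm the fix after the services are recycled, the response headers of a Service Desk page can be checked for anti-framing protection. The following is an added example, not code from this article or from the product. It assumes, based only on the variable name, that the setting makes the web interface send an X-Frame-Options header; the sample responses and the SAMEORIGIN value are constructed for illustration.

```python
# Added example: classify the anti-framing headers of a raw HTTP response.
# Assumptions: NX_X_FRAME_OPTIONS results in an X-Frame-Options header (inferred
# from its name); the sample responses below are constructed, not captured from SDM.

def header_values(raw_response, name):
    """Return all values of header `name` (case-insensitive) from a raw response."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    values = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        key, sep, value = line.partition(":")
        if sep and key.strip().lower() == name.lower():
            values.append(value.strip())
    return values

def framing_protection(raw_response):
    """Return (ok, reason) describing the response's clickjacking protection."""
    # Browsers that support CSP frame-ancestors use it in preference to X-Frame-Options.
    for policy in header_values(raw_response, "Content-Security-Policy"):
        for directive in policy.split(";"):
            parts = directive.split()
            if parts and parts[0].lower() == "frame-ancestors":
                sources = parts[1:]
                if any(s == "*" or s.lower() in ("http:", "https:") for s in sources):
                    return False, "frame-ancestors allows arbitrary origins"
                return True, "CSP frame-ancestors " + " ".join(sources)
    # The header can appear twice or comma-joined, e.g. set by both app and proxy.
    tokens = set()
    for value in header_values(raw_response, "X-Frame-Options"):
        tokens.update(t.strip().upper() for t in value.split(",") if t.strip())
    if not tokens:
        return False, "no X-Frame-Options or frame-ancestors"
    if len(tokens) > 1:
        return False, "conflicting X-Frame-Options values: " + ", ".join(sorted(tokens))
    token = tokens.pop()
    if token in ("DENY", "SAMEORIGIN"):
        return True, "X-Frame-Options " + token
    return False, "unsupported X-Frame-Options value: " + token

BEFORE = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html></html>"
AFTER = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
         "X-Frame-Options: SAMEORIGIN\r\n\r\n<html></html>")
DOUBLED = "HTTP/1.1 200 OK\r\nX-Frame-Options: SAMEORIGIN\r\nx-frame-options: DENY\r\n\r\n"

if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER), ("doubled", DOUBLED)):
        print(label, framing_protection(raw))
```

Feed the function the raw response text saved from a request to your own Service Desk URL; a result of `False` after the change means the header is still missing, invalid or being overridden somewhere in front of the application.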

Additional Information

What is 'clickjacking'?

https://www.imperva.com/learn/application-security/clickjacking/

https://en.wikipedia.org/wiki/Clickjacking