APM Wily servers have been flagged by vulnerability scans for the following issues:
1. Titles aggregated to: Self-signed TLS/SSL certificate
2. HTTP OPTIONS Method Enabled
Release : 10.7.0
Component : APM Managers
Report #1 : Titles aggregated to: Self-signed TLS/SSL certificate
SSL needs to be configured by the customer's environment administrator with their own certificates. Follow the documentation below for SSL configuration:
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/it-operations-management/application-performance-management/10-7/administrating/configure-enterprise-manager/configure-enterprise-manager-communications/jetty-configuration-options-for-version-10-7.html
Report #2 : HTTP OPTIONS Method Enabled
We can disable the HTTP OPTIONS method through configuration in the em-jetty-config.xml and webview-jetty-config.xml files under the config folder of the EM installation.
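One way to confirm the result after changing both files and restarting, as an added example (not Broadcom's code): the script classifies the reply to an OPTIONS request the way a scanner would. The function names, the status-code set and the sample responses are assumptions constructed for illustration.

```python
import http.client

# Status codes that mean the server refused the OPTIONS request.
REFUSED = {403, 405, 501}

def classify_options(status, headers):
    """Classify one OPTIONS response as 'enabled', 'disabled' or 'inconclusive'.

    headers is a list of (name, value) pairs, as returned by
    http.client.HTTPResponse.getheaders().
    """
    names = {name.lower(): value for name, value in headers}
    if status in REFUSED:
        return "disabled"
    # Scanners flag the method when a success reply advertises the allowed verbs.
    if 200 <= status < 300 and names.get("allow", "").strip():
        return "enabled"
    return "inconclusive"

def probe(host, port, path="/", context=None, timeout=5):
    """Send OPTIONS over TLS to a live listener and classify the reply.

    Pass an ssl.SSLContext that trusts your own CA as `context`.
    """
    conn = http.client.HTTPSConnection(host, port, timeout=timeout, context=context)
    try:
        conn.request("OPTIONS", path)
        resp = conn.getresponse()
        return classify_options(resp.status, resp.getheaders())
    finally:
        conn.close()

# Constructed sample responses (not captured from a real Enterprise Manager).
SAMPLES = {
    "before change": (200, [("Allow", "GET, HEAD, POST, OPTIONS"), ("Content-Length", "0")]),
    "after change": (405, [("Content-Length", "0")]),
    "needs manual review": (200, [("Content-Type", "text/html")]),
}

if __name__ == "__main__":
    for label, (status, headers) in SAMPLES.items():
        print(f"{label}: {classify_options(status, headers)}")
```

Run `probe()` against both the Enterprise Manager and WebView listeners, since each is configured through its own file.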