Vulnerability : Apache ActiveMQ Admin Console Accessible on Data Aggregator and Data Collector

book

Article ID: 142813

calendar_today

Updated On:

Products

CA Infrastructure Management CA Performance Management - Usage and Administration DX NetOps

Issue/Introduction

The Apache ActiveMQ Admin Console Accessible on Data Aggregator and Data Collector, can this be disabled?

Cause

Our internal security scans are showing the below Vulnerability in CA-PM Collector & Data Aggregator..

Vulnerability: Apache ActiveMQ Admin Console Accessible Using Default Credentials

Port :TCP - 8161

Description:

The default administration user name and password for the Apache ActiveMQ Administration Console is admin and admin respectively. You should change these default credentials.

Globally Announced,NO CVE-ID..

 

Refer to the below Link:

https://www.acunetix.com/vulnerabilities/web/apache-activemq-default-administrative-credentials/#:~:text=The%20default%20administration%20user%20name,should%20change%20these%20default%20credentials.

using admin/admin , below URL Accessible:

http://<DA>:8161

http://<DC>:8161

 

Environment

Release : 3.6,3.7

Component : DA Data Aggregator

Resolution

This can be disabled per the Documentation at:

https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/it-operations-management/performance-management/3-7/installing/complete-the-post-installation-configuration.html#concept.dita_d4fc0cdbebfc4c81fac469b71990a4b615d5a0c5_OptionalDisabletheActiveMQAdminConsolefortheDataAggregatororDataCollector