Vulnerability critical error in Data Aggregator and Collector servers:
Java JMX RMI Accessible with Common Credentials
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0225
On the DA, the process causing this issue is java here:
# netstat -tulpn | grep 11099
tcp 0 0 0.0.0.0:11099 0.0.0.0:* LISTEN 950/java
# ls -al /proc/950/exe
lrwxrwxrwx 1 root root 0 Jan 3 22:20 /proc/950/exe -> /ca/IMDataAggregator/jre/bin/java
This is a Java doc for authentication to do with JMX:
https://docs.oracle.com/javase/6/docs/technotes/guides/management/agent.html
Java JMX RMI Accessible with Common Credentials
Release : 3.7
Component : IM Reporting / Admin / Configuration
Verify that ports 1099 and 11099 are blocked from external access.
These ports must remain open locally for internal communication.
See more on sites:
DA:
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/it-operations-management/performance-management/3-7/prepare-to-install-the-data-aggregator.html
Alternately you can to enable username/password:
In activemq.xml, file change:
<managementContext>
<managementContext connectorPort="11099" createConnector="true" />
</managementContext>
To:
<managementContext>
<managementContext connectorPort="11099" createConnector="true" jmxDomainName="org.apache.activemq">
<property xmlns="http://www.springframework.org/schema/beans" name="environment">
<map xmlns="http://www.springframework.org/schema/beans">
<entry xmlns="http://www.springframework.org/schema/beans"
key="jmx.remote.x.password.file"
value="${activemq.base}/conf/jmx.password"/>
<entry xmlns="http://www.springframework.org/schema/beans"
key="jmx.remote.x.access.file"
value="${activemq.base}/conf/jmx.access"/>
</map>
</property>
</managementContext>
</managementContext>
edit conf/jmx.password to have a different password for admin.
After next upgrade is necessary to change the activemq.xml and jmx.password files